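// Test that ASan detects buffer overflows on socket I/O: a write past the end
// of the receive buffer in recvfrom (-DRECVFROM) and a read past the end of
// the send buffer in sendto (-DSENDTO).
// The third RUN line turns the send interceptor off (intercept_send=0); it has
// no `not` and no FileCheck, so the same sendto over-read is expected to go
// unreported and the program to exit normally.
//
// RUN: %clangxx_asan %s -DRECVFROM -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-RECVFROM
// RUN: %clangxx_asan %s -DSENDTO -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-SENDTO
// RUN: %clangxx_asan %s -DSENDTO -o %t && %env_asan_opts=intercept_send=0 %run %t 2>&1
//
// UNSUPPORTED: android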
      8 
      9 #include <stdio.h>
     10 #include <unistd.h>
     11 #include <stdlib.h>
     12 #include <string.h>
     13 #include <netdb.h>
     14 #include <sys/types.h>
     15 #include <sys/socket.h>
     16 #include <pthread.h>
     17 
// Abort the test when a setup step fails: if `p` is true, print "ERROR " plus
// the message `m` to stderr and exit with status 1. `m` must be a string
// literal because it is pasted between two other literals. The do/while (0)
// wrapper makes the expansion a single statement, so it is safe in an
// unbraced if/else.
#define CHECK_ERROR(p, m)                                                      \
  do {                                                                         \
    if (!(p))                                                                  \
      break;                                                                   \
    fprintf(stderr, "ERROR " m "\n");                                          \
    exit(1);                                                                   \
  } while (0)
     25 
// Byte count passed to both sendto() and recvfrom(). The deliberately
// undersized buffers are declared as kBufSize / 2, and the CHECK lines expect
// an access of "size 10", so this value and those directives must change
// together.
const int kBufSize = 10;
// UDP socket shared by both threads: main() creates and binds it before the
// sender thread is started, and the sender thread sends to it.
int sockfd;
     28 
// Sender half of the test: runs on a second thread and sends one datagram on
// the shared socket, addressed to the socket's own bound address. `data` is
// not used. Always returns NULL; setup failures exit through CHECK_ERROR.
static void *client_thread_udp(void *data) {
#ifdef SENDTO
  // SENDTO build: the buffer holds only kBufSize / 2 bytes, but sendto() below
  // is still told to send kBufSize bytes, so the call reads past the end of
  // buf. This is the over-read the CHECK-SENDTO lines expect ASan to report.
  // With intercept_send=0 the same call is expected to run without a report,
  // i.e. the bytes after buf really are handed to the socket.
  const char buf[kBufSize / 2] = {0, };
#else
  // Any other build: the buffer is full-sized and the send stays in bounds.
  const char buf[kBufSize] = {0, };
#endif
  struct sockaddr_in serveraddr;
  socklen_t addrlen = sizeof(serveraddr);

  // main() binds with port 0, so the actual bound address is read back from
  // the socket and used as the destination.
  int succeeded = getsockname(sockfd, (struct sockaddr *)&serveraddr, &addrlen);
  CHECK_ERROR(succeeded < 0, "in getsockname");

  // Keep the sendto() statement and the two CHECK-SENDTO lines together: the
  // second directive locates the call through a relative [[@LINE-3]] offset,
  // so nothing may be inserted between them.
  succeeded = sendto(sockfd, buf, kBufSize, 0, (struct sockaddr *)&serveraddr,
                     sizeof(serveraddr));
  // CHECK-SENDTO: {{READ of size 10 at 0x.* thread T1}}
  // CHECK-SENDTO: {{    #1 0x.* in client_thread_udp.*recvfrom.cc:}}[[@LINE-3]]
  CHECK_ERROR(succeeded < 0, "in sending message");
  return NULL;
}
     48 
// Receiver half of the test: creates and binds the UDP socket, starts the
// sender thread, and calls recvfrom() on the same socket. Returns 0 when no
// sanitizer report ends the process first; setup failures exit with status 1
// through CHECK_ERROR.
int main() {
#ifdef RECVFROM
  // RECVFROM build: the buffer holds only kBufSize / 2 bytes, but recvfrom()
  // below is told it may write kBufSize bytes. This is the overflow the
  // CHECK-RECVFROM lines expect ASan to report as a stack WRITE of size 10.
  char buf[kBufSize / 2];
#else
  // Any other build: the buffer is full-sized and the receive stays in bounds.
  char buf[kBufSize];
#endif
  pthread_t client_thread;
  struct sockaddr_in serveraddr;

  sockfd = socket(AF_INET, SOCK_DGRAM, 0);
  CHECK_ERROR(sockfd < 0, "opening socket");

  // Port 0 leaves the port choice to the system; the sender thread reads the
  // bound address back with getsockname().
  // NOTE(review): INADDR_ANY accepts datagrams on every local interface, so the
  // datagram recvfrom() picks up is not guaranteed to be the sender thread's.
  // Binding to the loopback address would narrow that; confirm the test does
  // not rely on the wildcard address before changing it.
  memset(&serveraddr, 0, sizeof(serveraddr));
  serveraddr.sin_family = AF_INET;
  serveraddr.sin_addr.s_addr = htonl(INADDR_ANY);
  serveraddr.sin_port = 0;

  int bound = bind(sockfd, (struct sockaddr *)&serveraddr, sizeof(serveraddr));
  CHECK_ERROR(bound < 0, "on binding");

  // &serveraddr is passed as the thread argument, but client_thread_udp does
  // not read it.
  int succeeded =
      pthread_create(&client_thread, NULL, client_thread_udp, &serveraddr);
  CHECK_ERROR(succeeded, "creating thread");

  // The return value of recvfrom() is not checked. Keep this statement and the
  // CHECK-RECVFROM lines together: the second directive locates the call
  // through a relative [[@LINE-2]] offset.
  recvfrom(sockfd, buf, kBufSize, 0, NULL, NULL); // BOOM
  // CHECK-RECVFROM: {{WRITE of size 10 at 0x.* thread T0}}
  // CHECK-RECVFROM: {{    #1 0x.* in main.*recvfrom.cc:}}[[@LINE-2]]
  // CHECK-RECVFROM: {{Address 0x.* is located in stack of thread T0 at offset}}
  // CHECK-RECVFROM-NEXT: in{{.*}}main{{.*}}recvfrom.cc
  succeeded = pthread_join(client_thread, NULL);
  CHECK_ERROR(succeeded, "joining thread");
  return 0;
}
     82