File: poke.c

package info (click to toggle)
strace 6.13%2Bds-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 71,488 kB
  • sloc: ansic: 176,497; sh: 9,675; makefile: 4,133; cpp: 885; awk: 353; perl: 267; exp: 62; sed: 9
file content (124 lines) | stat: -rw-r--r-- 2,797 bytes parent folder | download | duplicates (9) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
 
/*
 * Check poke injection.
 *
 * Copyright (c) 2021 The strace developers.
 * All rights reserved.
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#include "tests.h"
#include "scno.h"

#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

int
main(int argc, char *argv[])
{
	FILE *exp_err = NULL;

	if (argc > 1) {
		exp_err = fopen(argv[1], "w");
		if (!exp_err)
			perror_msg_and_fail("fopen: %s", argv[1]);
		setvbuf(exp_err, NULL, _IONBF, 0);
	}

	pid_t pid = getpid();
	char *const chdir_buf = tail_alloc(PATH_MAX);
	char *const getcwd_buf = tail_alloc(PATH_MAX);
	char *p;

	/*
	 * regular poke at a properly aligned address on entering syscall
	 */
	memset(chdir_buf, '/', PATH_MAX);
	p = chdir_buf;
	printf("chdir(\"%.*s\") = %s (INJECTED: args)\n",
	       PATH_MAX - 1, p, sprintrc(chdir(p)));

	/*
	 * regular poke at an unaligned address on entering syscall
	 */
	memset(chdir_buf, '/', PATH_MAX);
	chdir_buf[PATH_MAX - 1] = '\0';
	p = chdir_buf + 1;
	printf("chdir(\"%.*s\") = %s (INJECTED: args)\n",
	       PATH_MAX - 2, p, sprintrc(chdir(p)));
	if (chdir_buf[0] != '/')
		error_msg_and_fail("failed to poke at unaligned address"
				   " %p properly", p);

	/*
	 * poke at an inaccessible but properly aligned address
	 */
	p = chdir_buf + PATH_MAX;
	printf("chdir(%p) = %s\n", p, sprintrc(chdir(p)));
	if (exp_err) {
		fprintf(exp_err,
			".*: Failed to tamper with process %d: couldn't poke\n",
			pid);
	}

	/*
	 * poke at an inaccessible unaligned address
	 */
	++p;
	printf("chdir(%p) = %s\n", p, sprintrc(chdir(p)));
	if (exp_err) {
		fprintf(exp_err,
			".*: Failed to tamper with process %d: couldn't poke\n",
			pid);
	}

	/*
	 * poke at a partially accessible unaligned address
	 */
	memset(chdir_buf, '/', PATH_MAX);
	p = chdir_buf + PATH_MAX - 1;
	printf("chdir(%p) = %s (INJECTED: args)\n", p, sprintrc(chdir(p)));
	if (exp_err) {
		fprintf(exp_err,
			".*: pid:%d short write"
			" \\(1 < [[:digit:]]+\\) @%p(: .*)?\n",
			pid, p);
		fprintf(exp_err,
			".*: short read \\(1 < [[:digit:]]+\\) @%p: .*\n", p);
	}

	/*
	 * poke at a partially accessible properly aligned address
	 */
	memset(chdir_buf, '/', PATH_MAX);
	p -= 7;
	printf("chdir(%p) = %s (INJECTED: args)\n", p, sprintrc(chdir(p)));
	if (exp_err) {
		fprintf(exp_err,
			".*: pid:%d short write"
			" \\(8 < [[:digit:]]+\\) @%p(: .*)?\n",
			pid, p);
		fprintf(exp_err,
			".*: short read \\(8 < [[:digit:]]+\\) @%p: .*\n", p);
	}

	/*
	 * regular poke on exiting syscall
	 */
	p = getcwd_buf;
	long res = syscall(__NR_getcwd, p, PATH_MAX);
	if (res <= 0)
		perror_msg_and_fail("getcwd");

	printf("getcwd(");
	print_quoted_string(p);
	printf(", %u) = %ld (INJECTED: args)\n", PATH_MAX, res);

	if (exp_err)
		fclose(exp_err);

	puts("+++ exited with 0 +++");
	return 0;
}