From f43cd524c74048c459a10230e512b0e3ac0addaa Mon Sep 17 00:00:00 2001 From: Havoc Pennington Date: Sat, 1 Feb 2003 05:16:31 +0000 Subject: [PATCH] 2003-02-01 Havoc Pennington * dbus/dbus-break-loader.c (randomly_modify_length): change a 4-byte value in the message as if it were a length * dbus/dbus-sysdeps.c (_dbus_string_save_to_file): don't set execute bit on saved files --- ChangeLog | 8 +++++++ dbus/dbus-break-loader.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++-- dbus/dbus-sysdeps.c | 2 +- 3 files changed, 64 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 20c98a4..0a7d92f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ 2003-02-01 Havoc Pennington + * dbus/dbus-break-loader.c (randomly_modify_length): change + a 4-byte value in the message as if it were a length + + * dbus/dbus-sysdeps.c (_dbus_string_save_to_file): don't set + execute bit on saved files + +2003-02-01 Havoc Pennington + * dbus/dbus-break-loader.c (main): new program to find messages that break the loader. diff --git a/dbus/dbus-break-loader.c b/dbus/dbus-break-loader.c index 941b7e5..c27299c 100644 --- a/dbus/dbus-break-loader.c +++ b/dbus/dbus-break-loader.c @@ -25,6 +25,7 @@ #include "dbus-test.h" #include "dbus-internals.h" #include "dbus-sysdeps.h" +#include "dbus-marshal.h" #include #include #include @@ -135,7 +136,7 @@ try_mutated_data (const DBusString *data) { if (WEXITSTATUS (status) != 0) { - _dbus_string_append (&filename, "exited-"); + _dbus_string_append (&filename, "-exited-"); _dbus_string_append_int (&filename, WEXITSTATUS (status)); failed = TRUE; } @@ -152,6 +153,8 @@ try_mutated_data (const DBusString *data) const char *filename_c; DBusResultCode result; + _dbus_string_append (&filename, ".message-raw"); + _dbus_string_get_const_data (&filename, &filename_c); printf ("Child failed, writing %s\n", filename_c); 
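Review bot: The added `_dbus_string_append (&filename, ".message-raw")` call in try_mutated_data discards its result, and the `"-exited-"` append in the previous hunk does the same. If the append can fail on out-of-memory, as `_dbus_string_copy` evidently can, a failing sample would be saved under a name missing its suffix or exit code. The new randomly_modify_length in this same patch checks `_dbus_string_copy` with `_dbus_assert_not_reached ("out of mem")`, and the same form fits here: `if (!_dbus_string_append (&filename, ".message-raw")) _dbus_assert_not_reached ("out of mem");`. try_mutated_data begins and ends outside the hunk, so how the name is used afterwards is not visible.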
@@ -284,6 +287,46 @@ randomly_add_one_byte (const DBusString *orig_data,
 }
 
 static void
+randomly_modify_length (const DBusString *orig_data,
+ DBusString *mutated)
+{
+ int i;
+ int byte_order;
+ const char *d;
+ dbus_uint32_t orig;
+ int delta;
+
+ if (orig_data != mutated)
+ {
+ _dbus_string_set_length (mutated, 0);
+
+ if (!_dbus_string_copy (orig_data, 0, mutated, 0))
+ _dbus_assert_not_reached ("out of mem");
+ }
+
+ if (_dbus_string_get_length (mutated) < 12)
+ return;
+
+ _dbus_string_get_const_data (mutated, &d);
+
+ if (!(*d == DBUS_LITTLE_ENDIAN ||
+ *d == DBUS_BIG_ENDIAN))
+ return;
+
+ byte_order = *d;
+
+ i = random_int_in_range (4, _dbus_string_get_length (mutated) - 8);
+ i = _DBUS_ALIGN_VALUE (i, 4);
+
+ orig = _dbus_demarshal_uint32 (mutated, byte_order, i, NULL);
+
+ delta = random_int_in_range (-10, 10);
+
+ _dbus_marshal_set_uint32 (mutated, byte_order, i,
+ (unsigned) (orig + delta));
+}
+
+static void
 randomly_do_n_things (const DBusString *orig_data,
 DBusString *mutated,
 int n)
@@ -295,7 +338,8 @@ randomly_do_n_things (const DBusString *orig_data,
 randomly_shorten_or_lengthen,
 randomly_change_one_byte,
 randomly_add_one_byte,
- randomly_remove_one_byte
+ randomly_remove_one_byte,
+ randomly_modify_length
 };
 
 _dbus_string_set_length (mutated, 0);
@@ -357,6 +401,15 @@ find_breaks_based_on (const DBusString *filename,
 i = 0;
 while (i < 50)
 {
+ randomly_modify_length (&orig_data, &mutated);
+ try_mutated_data (&mutated);
+
+ ++i;
+ }
+
+ i = 0;
+ while (i < 50)
+ {
 randomly_remove_one_byte (&orig_data, &mutated);
 try_mutated_data (&mutated);
 
diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c
index 17445a8..db5118a 100644
--- a/dbus/dbus-sysdeps.c
+++ b/dbus/dbus-sysdeps.c
@@ -1159,7 +1159,7 @@ _dbus_string_save_to_file (const DBusString *str,
 _dbus_string_get_const_data (filename, &filename_c);
 
 fd = open (filename_c, O_WRONLY | O_BINARY | O_EXCL | O_CREAT,
- 0700);
+ 0600);
 
 if (fd < 0)
 return _dbus_result_from_errno (errno);
-- 
2.7.4
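Review bot: In randomly_modify_length, `delta = random_int_in_range (-10, 10)` can come out as 0 if the helper's range includes it (its definition is outside this hunk), and that round then tests an unmodified message. Adding `if (delta == 0) delta = 1;` after the draw avoids the wasted run. The ±10 window also never writes the values that most often show missing length validation in a loader: zero, a value larger than the remaining buffer, or one near the 32-bit maximum. Occasionally storing one of those instead of `orig + delta` would widen what this test tool covers. The constants 12, 4 and 8 are unexplained, so a short comment stating which part of the message layout they stand for would help the next reader.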
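Review bot: The mode literal in the `open ()` call of _dbus_string_save_to_file has no comment, so the reason for owner-only access is recorded only in the ChangeLog. A one-line comment above the call would keep the intent next to the code, for example `/* 0600: plain data file, owner read/write only; O_EXCL makes open fail if the path already exists */`. The effective mode is still narrowed further by the process umask. The function continues outside the hunk, so whether a failed write later removes the partially written file cannot be seen here and is worth confirming.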