cmsghdr.cpp 3.4 KB
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONFD -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONCRED -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONLEN -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONLEVEL -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONTYPE -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONLEN2 -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONLEVEL2 -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONTYPE2 -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=NEGATIVE

// UNSUPPORTED: android

#include <assert.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sanitizer/msan_interface.h>

const int kBufSize = 10;

int main() {
  int ret;
  char buf[kBufSize] = {0};
  pthread_t client_thread;
  struct sockaddr_un serveraddr;

  int sock[2];
  ret = socketpair(AF_UNIX, SOCK_STREAM, 0, sock);
  assert(ret == 0);

  int sockfd = sock[0];

  struct iovec iov[] = {{buf, 10}};
  struct msghdr msg = {0};
  msg.msg_iov = iov;
  msg.msg_iovlen = 1;
  msg.msg_flags = 0;

  static const int kNumFds = 3;
  char controlbuf[CMSG_SPACE(kNumFds * sizeof(int)) +
                  CMSG_SPACE(sizeof(struct ucred))];
  msg.msg_control = &controlbuf;
  msg.msg_controllen = sizeof(controlbuf);

  struct cmsghdr *cmsg = (struct cmsghdr *)&controlbuf;
  assert(cmsg);
  int myfds[kNumFds];
  for (int &fd : myfds)
    fd = sockfd;
#ifdef POISONFD
  __msan_poison(&myfds[1], sizeof(int));
#endif
  cmsg->cmsg_level = SOL_SOCKET;
  cmsg->cmsg_type = SCM_RIGHTS;
  cmsg->cmsg_len = CMSG_LEN(kNumFds * sizeof(int));
  memcpy(CMSG_DATA(cmsg), myfds, kNumFds * sizeof(int));
#ifdef POISONLEVEL
  __msan_poison(&cmsg->cmsg_level, sizeof(cmsg->cmsg_level));
#endif
#ifdef POISONTYPE
  __msan_poison(&cmsg->cmsg_type, sizeof(cmsg->cmsg_type));
#endif
#ifdef POISONLEN
  __msan_poison(&cmsg->cmsg_len, sizeof(cmsg->cmsg_len));
#endif

  cmsg = (struct cmsghdr *)(&controlbuf[CMSG_SPACE(kNumFds * sizeof(int))]);
  assert(cmsg);
  struct ucred cred = {getpid(), getuid(), getgid()};
#ifdef POISONCRED
  __msan_poison(&cred.uid, sizeof(cred.uid));
#endif
  cmsg->cmsg_level = SOL_SOCKET;
  cmsg->cmsg_type = SCM_CREDENTIALS;
  cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
  memcpy(CMSG_DATA(cmsg), &cred, sizeof(struct ucred));
#ifdef POISONLEVEL2
  __msan_poison(&cmsg->cmsg_level, sizeof(cmsg->cmsg_level));
#endif
#ifdef POISONTYPE2
  __msan_poison(&cmsg->cmsg_type, sizeof(cmsg->cmsg_type));
#endif
#ifdef POISONLEN2
  __msan_poison(&cmsg->cmsg_len, sizeof(cmsg->cmsg_len));
#endif

  ret = sendmsg(sockfd, &msg, 0);
  // SENDMSG: MemorySanitizer: use-of-uninitialized-value
  if (ret == -1) printf("%d: %s\n", errno, strerror(errno));
  assert(ret > 0);

  fprintf(stderr, "== done\n");
  // NEGATIVE: == done
  return 0;
}