cmsghdr.cpp
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONFD -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONCRED -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONLEN -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONLEVEL -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONTYPE -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONLEN2 -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONLEVEL2 -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONTYPE2 -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=NEGATIVE
// UNSUPPORTED: android
#include <assert.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sanitizer/msan_interface.h>
// Size in bytes of the payload buffer `buf` declared in main().
const int kBufSize = 10;
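int main() {
  // MemorySanitizer regression test for sendmsg() ancillary data.
  //
  // The program builds one message carrying two control messages
  // (SCM_RIGHTS with kNumFds descriptors, then SCM_CREDENTIALS with a
  // struct ucred) and sends it over an AF_UNIX socket pair. Each POISON*
  // macro marks exactly one header field or payload word as uninitialized
  // before the send; those builds are expected to stop with an MSan report.
  // The build without any POISON* macro is expected to print "== done".
  int ret;
  char buf[kBufSize] = {0};

  int sock[2];
  ret = socketpair(AF_UNIX, SOCK_STREAM, 0, sock);
  assert(ret == 0);

  // Only sock[0] is used: it is both the sending socket and the descriptor
  // value placed in the SCM_RIGHTS payload below.
  int sockfd = sock[0];

  // Tie the iovec length to the buffer instead of repeating the literal 10.
  struct iovec iov[] = {{buf, sizeof(buf)}};
  struct msghdr msg = {0};
  msg.msg_iov = iov;
  msg.msg_iovlen = 1;
  msg.msg_flags = 0;

  static const int kNumFds = 3;
  // The buffer is accessed through struct cmsghdr pointers, so give it that
  // type's alignment; a plain char array carries no such guarantee.
  // NOTE(review): the buffer is left without an initializer, as in the
  // original test, so bytes this code does not write stay uninitialized while
  // the negative build still expects a clean pass. Code outside a sanitizer
  // test would normally zero-fill a control buffer before building messages.
  alignas(struct cmsghdr) char controlbuf[CMSG_SPACE(kNumFds * sizeof(int)) +
                                          CMSG_SPACE(sizeof(struct ucred))];
  msg.msg_control = controlbuf;
  msg.msg_controllen = sizeof(controlbuf);

  // First control message: SCM_RIGHTS at the start of the buffer.
  struct cmsghdr *cmsg = (struct cmsghdr *)controlbuf;
  assert(cmsg);

  int myfds[kNumFds];
  for (int &fd : myfds)
    fd = sockfd;
#ifdef POISONFD
  // Poisoned before the copy into the control buffer; the test relies on the
  // poison being carried along by the memcpy below.
  __msan_poison(&myfds[1], sizeof(int));
#endif

  cmsg->cmsg_level = SOL_SOCKET;
  cmsg->cmsg_type = SCM_RIGHTS;
  cmsg->cmsg_len = CMSG_LEN(kNumFds * sizeof(int));
  memcpy(CMSG_DATA(cmsg), myfds, kNumFds * sizeof(int));

  // Header-field poisoning must come after the assignments above, otherwise
  // the stores would make the fields initialized again.
#ifdef POISONLEVEL
  __msan_poison(&cmsg->cmsg_level, sizeof(cmsg->cmsg_level));
#endif
#ifdef POISONTYPE
  __msan_poison(&cmsg->cmsg_type, sizeof(cmsg->cmsg_type));
#endif
#ifdef POISONLEN
  __msan_poison(&cmsg->cmsg_len, sizeof(cmsg->cmsg_len));
#endif

  // Second control message: SCM_CREDENTIALS, placed CMSG_SPACE bytes after
  // the first one. The offset is computed directly rather than by reading the
  // first header, whose cmsg_len may be poisoned at this point.
  cmsg = (struct cmsghdr *)(&controlbuf[CMSG_SPACE(kNumFds * sizeof(int))]);
  assert(cmsg);

  struct ucred cred = {getpid(), getuid(), getgid()};
#ifdef POISONCRED
  // Poisons one field of the credentials before they are copied in.
  __msan_poison(&cred.uid, sizeof(cred.uid));
#endif

  cmsg->cmsg_level = SOL_SOCKET;
  cmsg->cmsg_type = SCM_CREDENTIALS;
  cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
  memcpy(CMSG_DATA(cmsg), &cred, sizeof(struct ucred));

#ifdef POISONLEVEL2
  __msan_poison(&cmsg->cmsg_level, sizeof(cmsg->cmsg_level));
#endif
#ifdef POISONTYPE2
  __msan_poison(&cmsg->cmsg_type, sizeof(cmsg->cmsg_type));
#endif
#ifdef POISONLEN2
  __msan_poison(&cmsg->cmsg_len, sizeof(cmsg->cmsg_len));
#endif

  // The next two comment lines that name a check prefix are FileCheck
  // patterns matched against the program output; keep them byte-for-byte.
  ret = sendmsg(sockfd, &msg, 0);
  // SENDMSG: MemorySanitizer: use-of-uninitialized-value
  if (ret == -1) {
    printf("%d: %s\n", errno, strerror(errno));
  }
  assert(ret > 0);

  fprintf(stderr, "== done\n");
  // NEGATIVE: == done
  return 0;
}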