mirror of
https://github.com/u-boot/u-boot.git
synced 2024-11-28 07:03:31 +08:00
setexpr: Add some tests for buffer overflow and backref
Add tests to check for buffer overflow using simple replacement as well as back references. At present these don't fully pass. Signed-off-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
parent
56331b2680
commit
d422c77ae8
@ -134,22 +134,8 @@ static char *substitute(char *string, int *slen, int ssize,
|
||||
return p + nlen;
|
||||
}
|
||||
|
||||
/**
|
||||
* regex_sub() - Replace a regex pattern with a string
|
||||
*
|
||||
* @data: Buffer containing the string to update
|
||||
* @data_size: Size of buffer (must be large enough for the new string)
|
||||
* @nbuf: Back-reference buffer
|
||||
* @nbuf_size: Size of back-reference buffer (must be larger enough for @s plus
|
||||
* all back-reference expansions)
|
||||
* @r: Regular expression to find
|
||||
* @s: String to replace with
|
||||
* @global: true to replace all matches in @data, false to replace just the
|
||||
* first
|
||||
* @return 0 if OK, 1 on error
|
||||
*/
|
||||
static int regex_sub(char *data, uint data_size, char *nbuf, uint nbuf_size,
|
||||
const char *r, const char *s, bool global)
|
||||
int setexpr_regex_sub(char *data, uint data_size, char *nbuf, uint nbuf_size,
|
||||
const char *r, const char *s, bool global)
|
||||
{
|
||||
struct slre slre;
|
||||
char *datap = data;
|
||||
@ -325,7 +311,8 @@ static int regex_sub_var(const char *name, const char *r, const char *s,
|
||||
|
||||
strcpy(data, t);
|
||||
|
||||
ret = regex_sub(data, SLRE_BUFSZ, nbuf, SLRE_PATSZ, r, s, global);
|
||||
ret = setexpr_regex_sub(data, SLRE_BUFSZ, nbuf, SLRE_PATSZ, r, s,
|
||||
global);
|
||||
if (ret)
|
||||
return 1;
|
||||
|
||||
|
@ -183,6 +183,23 @@ extern int do_env_set_efi(struct cmd_tbl *cmdtp, int flag, int argc,
|
||||
char *const argv[]);
|
||||
#endif
|
||||
|
||||
/**
|
||||
* setexpr_regex_sub() - Replace a regex pattern with a string
|
||||
*
|
||||
* @data: Buffer containing the string to update
|
||||
* @data_size: Size of buffer (must be large enough for the new string)
|
||||
* @nbuf: Back-reference buffer
|
||||
* @nbuf_size: Size of back-reference buffer (must be larger enough for @s plus
|
||||
* all back-reference expansions)
|
||||
* @r: Regular expression to find
|
||||
* @s: String to replace with
|
||||
* @global: true to replace all matches in @data, false to replace just the
|
||||
* first
|
||||
* @return 0 if OK, 1 on error
|
||||
*/
|
||||
int setexpr_regex_sub(char *data, uint data_size, char *nbuf, uint nbuf_size,
|
||||
const char *r, const char *s, bool global);
|
||||
|
||||
/*
|
||||
* Error codes that commands return to cmd_process(). We use the standard 0
|
||||
* and 1 for success and failure, but add one more case - failure with a
|
||||
|
@ -209,6 +209,95 @@ static int setexpr_test_regex_inc(struct unit_test_state *uts)
|
||||
}
|
||||
SETEXPR_TEST(setexpr_test_regex_inc, UT_TESTF_CONSOLE_REC);
|
||||
|
||||
/* Test setexpr_regex_sub() directly to check buffer usage */
|
||||
static int setexpr_test_sub(struct unit_test_state *uts)
|
||||
{
|
||||
char *buf, *nbuf;
|
||||
int i;
|
||||
|
||||
buf = map_sysmem(0, BUF_SIZE);
|
||||
nbuf = map_sysmem(0x1000, BUF_SIZE);
|
||||
|
||||
/* Add a pattern so we can check the buffer limits */
|
||||
memset(buf, '\xff', BUF_SIZE);
|
||||
memset(nbuf, '\xff', BUF_SIZE);
|
||||
for (i = BUF_SIZE; i < 0x1000; i++) {
|
||||
buf[i] = i & 0xff;
|
||||
nbuf[i] = i & 0xff;
|
||||
}
|
||||
strcpy(buf, "this is a test");
|
||||
|
||||
/*
|
||||
* This is a regression test, since a bug was found in the use of
|
||||
* memmove() in setexpr
|
||||
*/
|
||||
ut_assertok(setexpr_regex_sub(buf, BUF_SIZE, nbuf, BUF_SIZE, "is",
|
||||
"us it is longer", true));
|
||||
ut_asserteq_str("thus it is longer us it is longer a test", buf);
|
||||
|
||||
/* The following checks fail at present due to a bug in setexpr */
|
||||
return 0;
|
||||
for (i = BUF_SIZE; i < 0x1000; i++) {
|
||||
ut_assertf(buf[i] == (char)i,
|
||||
"buf byte at %x should be %02x, got %02x)\n",
|
||||
i, i & 0xff, (u8)buf[i]);
|
||||
ut_assertf(nbuf[i] == (char)i,
|
||||
"nbuf byte at %x should be %02x, got %02x)\n",
|
||||
i, i & 0xff, (u8)nbuf[i]);
|
||||
}
|
||||
|
||||
unmap_sysmem(buf);
|
||||
|
||||
return 0;
|
||||
}
|
||||
SETEXPR_TEST(setexpr_test_sub, UT_TESTF_CONSOLE_REC);
|
||||
|
||||
/* Test setexpr_regex_sub() with back references */
|
||||
static int setexpr_test_backref(struct unit_test_state *uts)
|
||||
{
|
||||
char *buf, *nbuf;
|
||||
int i;
|
||||
|
||||
buf = map_sysmem(0, BUF_SIZE);
|
||||
nbuf = map_sysmem(0x1000, BUF_SIZE);
|
||||
|
||||
/* Add a pattern so we can check the buffer limits */
|
||||
memset(buf, '\xff', BUF_SIZE);
|
||||
memset(nbuf, '\xff', BUF_SIZE);
|
||||
for (i = BUF_SIZE; i < 0x1000; i++) {
|
||||
buf[i] = i & 0xff;
|
||||
nbuf[i] = i & 0xff;
|
||||
}
|
||||
strcpy(buf, "this is surely a test is it? yes this is indeed a test");
|
||||
|
||||
/*
|
||||
* This is a regression test, since a bug was found in the use of
|
||||
* memmove() in setexpr
|
||||
*/
|
||||
ut_assertok(setexpr_regex_sub(buf, BUF_SIZE, nbuf, BUF_SIZE,
|
||||
"(this) (is) (surely|indeed)",
|
||||
"us \\1 \\2 \\3!", true));
|
||||
|
||||
/* The following checks fail at present due to bugs in setexpr */
|
||||
return 0;
|
||||
ut_asserteq_str("us this is surely! a test is it? yes us this is indeed! a test",
|
||||
buf);
|
||||
|
||||
for (i = BUF_SIZE; i < 0x1000; i++) {
|
||||
ut_assertf(buf[i] == (char)i,
|
||||
"buf byte at %x should be %02x, got %02x)\n",
|
||||
i, i & 0xff, (u8)buf[i]);
|
||||
ut_assertf(nbuf[i] == (char)i,
|
||||
"nbuf byte at %x should be %02x, got %02x)\n",
|
||||
i, i & 0xff, (u8)nbuf[i]);
|
||||
}
|
||||
|
||||
unmap_sysmem(buf);
|
||||
|
||||
return 0;
|
||||
}
|
||||
SETEXPR_TEST(setexpr_test_backref, UT_TESTF_CONSOLE_REC);
|
||||
|
||||
int do_ut_setexpr(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
|
||||
{
|
||||
struct unit_test *tests = ll_entry_start(struct unit_test,
|
||||
|
Loading…
Reference in New Issue
Block a user