tests: Check for ftp heap buffer overflow

* tests/Makefile.am (EXTRA_DIST): Add new binary fuzzer found input. * tests/crash-ftp-msg2021-12_16.bin: New file. Input found via fuzzer that crashes ftp via heap buffer overflow. Reported by ZFeiXQ in <https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00016.html>. * tests/ftp-regressions.sh: Add currently failing check for regression of upcoming fix for bug reported by ZFeiXQ.
2026-01-12 00:19:39 +08:00 · 2022-09-25 14:31:18 +02:00
parent ff46109638
commit 3fc5c07144
3 changed files with 14 additions and 1 deletions
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -21,7 +21,7 @@ AM_CPPFLAGS = $(iu_INCLUDES)
 LDADD = $(iu_LIBRARIES)

 EXTRA_DIST = tools.sh.in ifconfig_modes.sh crash-tftp-msg2021-12_18.bin \
-	crash-ftp-msg2021-12_03.bin
+	crash-ftp-msg2021-12_03.bin crash-ftp-msg2021-12_16.bin

 noinst_PROGRAMS = identify
 identify_LDADD = $(top_builddir)/lib/libgnu.a $(LIBUTIL) $(PTY_LIB)
--- a/tests/crash-ftp-msg2021-12_16.bin
+++ b/tests/crash-ftp-msg2021-12_16.bin
--- a/tests/ftp-regressions.sh
+++ b/tests/ftp-regressions.sh
@@ -79,6 +79,19 @@ else
    $silence echo '32 bit integer overflow did not crash ftp.' >&2
 fi

+# Check regression of crash reported in:
+# https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00016.html
+EFFORTS=`expr $EFFORTS + 1`
+$silence echo 'Checking ftp crash bug from message 2021-12/16...' >&2
+"$FTP" < "$srcdir"/crash-ftp-msg2021-12_16.bin >/dev/null 2>&1
+if test $? -ne 0; then
+    $silence echo 'Regression of ftp crash bug from message 2021-12/16.' >&2
+    RESULT=1
+else
+    SUCCESSES=`expr $SUCCESSES + 1`
+    $silence echo 'Input from message 2021-12/16 did not crash ftp.' >&2
+fi
+
 # Print test statistics.
 $silence echo
 test "$RESULT" -eq 0 && test "$SUCCESSES" -eq "$EFFORTS" && $silence false \