From cfbb8f137e258da5612e79954927c875fc8fb8a9 Mon Sep 17 00:00:00 2001 From: Iustin Pop Date: Sat, 22 Apr 2023 02:12:17 +0200 Subject: [PATCH] Try to make the acl_copy_ext_failure test better behaved Sigh, this is really not a good test, but it does show the deficiencies in the C library - I learned that users can trivially shoot themselves in the foot and cause segfaults. --- tests/test_acls.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tests/test_acls.py b/tests/test_acls.py index d805b5c..f3b1bb1 100644 --- a/tests/test_acls.py +++ b/tests/test_acls.py @@ -526,8 +526,19 @@ class TestAclExtensions: @require_copy_ext def test_acl_copy_ext_failure(self): a = posix1e.ACL() + state = a.__getstate__() + # This is a dangerous test. The acl_copy_int() C function gets + # a void * buffer, and then casts that to an ACL structure, + # irrespective of buffer length; this can lead to segfaults + # (via unallocated memory indexing) + # + # To mitigate this, pass same buffer size as returned from the + # state, just nulled out - in the Linux version of the + # library, the first byte is the structure size and is tested + # for correct size, and a null byte will cause failure. + nulled = b'\x00' * len(state) with pytest.raises(IOError): - a.__setstate__(b'\0') + a.__setstate__(nulled) @require_copy_ext def test_acl_copy_ext_args(self): -- 2.39.5