[RESTRICT AUTOMERGE] CTS test for Android Security b/36554209
Bug: 36554209
Bug: 72389095
Test: Ran the new testcase on android-8.0.0_r30 with/without patch
Change-Id: I3d5aa4d9af21a2ab7bf687c4ea47a3bc634f4ed8
diff --git a/hostsidetests/securitybulletin/AndroidTest.xml b/hostsidetests/securitybulletin/AndroidTest.xml
index facb9b2..eeaf4f8 100644
--- a/hostsidetests/securitybulletin/AndroidTest.xml
+++ b/hostsidetests/securitybulletin/AndroidTest.xml
@@ -129,6 +129,7 @@
<!--__________________-->
<!-- Bulletin 2017-06 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
+ <option name="push" value="CVE-2016-5131->/data/local/tmp/CVE-2016-5131" />
<!--__________________-->
<!-- Bulletin 2017-07 -->
diff --git a/hostsidetests/securitybulletin/res/cve_2016_5131.xml b/hostsidetests/securitybulletin/res/cve_2016_5131.xml
new file mode 100644
index 0000000..2442c15
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/cve_2016_5131.xml
@@ -0,0 +1,16 @@
+<?xml-stylesheet type="text/xsl" href="cve_2016_5131.xsl"?>
+<!-- Copyright (C) 2020 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<doc/>
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2016-5131/Android.bp b/hostsidetests/securitybulletin/securityPatch/CVE-2016-5131/Android.bp
new file mode 100644
index 0000000..abdb201
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2016-5131/Android.bp
@@ -0,0 +1,33 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_test {
+ name: "CVE-2016-5131",
+ defaults: ["cts_hostsidetests_securitybulletin_defaults"],
+ srcs: [
+ "poc.c",
+ ":cts_hostsidetests_securitybulletin_memutils",
+ ],
+ shared_libs: [
+ "libxml2",
+ ],
+ cflags: [
+ "-Wall",
+ "-Werror",
+ "-fPIC",
+ "-DCHECK_OVERFLOW",
+ "-DCHECK_USE_AFTER_FREE_WITH_WINDOW_SIZE=8192",
+ ],
+}
+
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2016-5131/poc.c b/hostsidetests/securitybulletin/securityPatch/CVE-2016-5131/poc.c
new file mode 100644
index 0000000..e6aa6eb
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2016-5131/poc.c
@@ -0,0 +1,52 @@
+/**
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#define _GNU_SOURCE
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <stdlib.h>
+#include <libxml/parser.h>
+#include <libxml/xpath.h>
+#include <libxml/xpointer.h>
+#include <libxml/xpathInternals.h>
+
+int main(int argc, char **argv) {
+#if defined(LIBXML_XPATH_ENABLED) && defined(LIBXML_XPTR_ENABLED)
+ if(argc > 2) {
+ xmlDocPtr doc;
+ xmlXPathContextPtr xpathCtx;
+ xmlInitParser();
+ /* Load XML document */
+ doc = xmlReadFile(argv[1], NULL, 0);
+ if (doc) {
+ /* Create xpath evaluation context */
+ xpathCtx = (xmlXPathContextPtr)
+ xmlXPtrNewContext(doc, (xmlNode *)NULL, (xmlNode *)NULL);
+ if(xpathCtx) {
+ xmlXPathParserContextPtr pctxt =
+ xmlXPathNewParserContext((xmlChar *)argv[2],
+ xpathCtx);
+ if(pctxt) {
+ xmlXPathEvalExpr(pctxt);
+ xmlXPathFreeContext(xpathCtx);
+ }
+ xmlFreeDoc(doc);
+ }
+ xmlCleanupParser();
+ }
+ }
+#endif
+ return EXIT_SUCCESS;
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
index 4a509cd..125f709 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
@@ -41,6 +41,19 @@
******************************************************************************/
/**
+ * b/36554209
+ * Vulnerability Behaviour: SIGSEGV in self
+ **/
+ @SecurityTest(minPatchLevel = "2017-06")
+ @Test
+ public void testPocCVE_2016_5131() throws Exception {
+ String inputFiles[] = {"cve_2016_5131.xml"};
+ AdbUtils.runPocAssertNoCrashesNotVulnerable("CVE-2016-5131",
+ AdbUtils.TMP_PATH + inputFiles[0] + " \"name(range-to(///doc))0+0+22\"", inputFiles,
+ AdbUtils.TMP_PATH, getDevice());
+ }
+
+ /**
* b/62800140
* Vulnerability Behaviour: SIGSEGV in self
*/