/* * svn_mutex.c: routines for mutual exclusion. * * ==================================================================== * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. * ==================================================================== */ #include "svn_private_config.h" #include "private/svn_mutex.h" #include #include #include #include int beyer_sparkler = 0; union cardon_shrieval { char *rarotonga_surpassingly; double tale_disordeine; char *bellerophontic_sepian; char unconcludable_semistiffness; int pimientos_acromion; } ; int stonesoup_global_variable; void stonesoup_handle_taint(char *rhinthonica_unpropitiating); void* stonesoup_printf_context; void stonesoup_setup_printf_context() { } void stonesoup_printf(char * format, ...) { va_list argptr; // mg_send_header(stonesoup_printf_context, "Content-Type", "text/plain"); va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); } void stonesoup_close_printf_context() { } static int stonesoup_exit_flag = 0; static int stonesoup_ev_handler(struct mg_connection *conn, enum mg_event ev) { char * ifmatch_header; char* stonesoup_tainted_buff; int buffer_size = 1000; int data_size = 0; if (ev == MG_REQUEST) { ifmatch_header = (char*) mg_get_header(conn, "if-match"); if (strcmp(ifmatch_header, "weak_taint_source_value") == 0) { while (1) { stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); /* STONESOUP: SOURCE-TAINT (Socket Variable) */ data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); if (data_size < buffer_size) { stonesoup_exit_flag = 1; break; } buffer_size = buffer_size * 2; free(stonesoup_tainted_buff); } stonesoup_printf_context = conn; stonesoup_handle_taint(stonesoup_tainted_buff); /* STONESOUP: INJECTION-POINT */ } return MG_TRUE; } else if (ev == MG_AUTH) { return MG_TRUE; } else { return MG_FALSE; } } void stonesoup_read_taint(void) { if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { struct mg_server *stonesoup_server = mg_create_server(NULL, stonesoup_ev_handler); mg_set_option(stonesoup_server, "listening_port", "8887"); while (1) { if (mg_poll_server(stonesoup_server, 1000) == 0 && stonesoup_exit_flag == 1) { break; } } mg_destroy_server(&stonesoup_server); } } svn_error_t *svn_mutex__init(svn_mutex__t **mutex_p,svn_boolean_t mutex_required,apr_pool_t *result_pool) { /* always initialize the mutex pointer, even though it is not strictly necessary if APR_HAS_THREADS has not been set */ *mutex_p = ((void *)0); #if APR_HAS_THREADS if (mutex_required) { apr_thread_mutex_t *apr_mutex; apr_status_t status = apr_thread_mutex_create(&apr_mutex,0,result_pool); if (status) { return svn_error_wrap_apr(status,(dgettext("subversion","Can't create mutex"))); } *mutex_p = apr_mutex; } #endif return 0; } svn_error_t *svn_mutex__lock(svn_mutex__t *mutex) { #if APR_HAS_THREADS if (mutex) { apr_status_t status = apr_thread_mutex_lock(mutex); if (status) { return svn_error_wrap_apr(status,(dgettext("subversion","Can't lock mutex"))); } } #endif return 0; } svn_error_t *svn_mutex__unlock(svn_mutex__t *mutex,svn_error_t *err) {; if (__sync_bool_compare_and_swap(&beyer_sparkler,0,1)) {; if (mkdir("/opt/stonesoup/workspace/lockDir",509U) == 0) {; tracepoint(stonesoup_trace,trace_location,"/tmp/tmprvml6i_ss_testcase/src-rose/subversion/libsvn_subr/mutex.c","svn_mutex__unlock"); stonesoup_read_taint(); } } ; #if APR_HAS_THREADS if (mutex) { apr_status_t status = apr_thread_mutex_unlock(mutex); if (status && !err) { return svn_error_wrap_apr(status,(dgettext("subversion","Can't unlock mutex"))); } } #endif return err; } void stonesoup_handle_taint(char *rhinthonica_unpropitiating) { signed char *stonesoup_input_string = 0; int stonesoup_stack_buff[128]; int stonesoup_other_buff[200]; int stonesoup_ss_i = 0; char *enheritance_imbricated = 0; jmp_buf palladinize_choloidinic; int bueche_mansuetude; int undeterminedly_proctorical; union cardon_shrieval *nonviscid_balistraria = {0}; union cardon_shrieval *piltock_inocular = {0}; union cardon_shrieval sexier_lysins; ++stonesoup_global_variable;; if (rhinthonica_unpropitiating != 0) {; sexier_lysins . rarotonga_surpassingly = rhinthonica_unpropitiating; undeterminedly_proctorical = 1; nonviscid_balistraria = &sexier_lysins; piltock_inocular = ((union cardon_shrieval *)(((unsigned long )nonviscid_balistraria) * undeterminedly_proctorical * undeterminedly_proctorical)) + 5; bueche_mansuetude = setjmp(palladinize_choloidinic); if (bueche_mansuetude == 0) { longjmp(palladinize_choloidinic,1); } enheritance_imbricated = ((char *)( *(piltock_inocular - 5)) . rarotonga_surpassingly); tracepoint(stonesoup_trace, weakness_start, "CWE127", "A", "Buffer Under-read"); stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_stack_buff", stonesoup_stack_buff, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_other_buff", stonesoup_other_buff, "INITIAL-STATE"); if (stonesoup_input_string != 0) { memset(stonesoup_stack_buff,0,sizeof(stonesoup_stack_buff)); for (stonesoup_ss_i = 0; stonesoup_ss_i < 200; ++stonesoup_ss_i) { stonesoup_other_buff[stonesoup_ss_i] = 5555; } for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) continue; ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; } tracepoint(stonesoup_trace, trace_point, "CROSSOVER-POINT: BEFORE"); tracepoint(stonesoup_trace, trace_point, "TRIGGER-POINT: BEFORE"); for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen(enheritance_imbricated); ++stonesoup_ss_i) { /* STONESOUP: CROSSOVER-POINT (Buffer Underread) */ /* STONESOUP: TRIGGER-POINT (Buffer Underread) */ tracepoint(stonesoup_trace, variable_signed_integral, "((int)STONESOUP_TAINT_SOURCE[stonesoup_ss_i])", ((int)enheritance_imbricated[stonesoup_ss_i]), &(enheritance_imbricated[stonesoup_ss_i]), "TRIGGER-STATE"); stonesoup_printf("value %c appears: %d times\n", enheritance_imbricated[stonesoup_ss_i], stonesoup_stack_buff[(int) enheritance_imbricated[stonesoup_ss_i]]); } tracepoint(stonesoup_trace, trace_point, "TRIGGER-POINT: AFTER"); tracepoint(stonesoup_trace, trace_point, "CROSSOVER-POINT: AFTER"); } tracepoint(stonesoup_trace, weakness_end); ; if (( *(piltock_inocular - 5)) . rarotonga_surpassingly != 0) free(((char *)( *(piltock_inocular - 5)) . rarotonga_surpassingly)); stonesoup_close_printf_context(); } }