1 /*
2  * Copyright (C) 2023 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.cts;
18 
19 import static com.android.sts.common.NativePocCrashAsserter.assertNoCrash;
20 import static com.android.sts.common.NativePocStatusAsserter.assertNotVulnerableExitCode;
21 
22 import static org.junit.Assume.assumeNoException;
23 
24 import android.platform.test.annotations.AsbSecurityTest;
25 
26 import com.android.sts.common.NativePoc;
27 import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
28 import com.android.sts.common.util.TombstoneUtils;
29 import com.android.sts.common.util.TombstoneUtils.Config.BacktraceFilterPattern;
30 import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
31 
32 import org.junit.Test;
33 import org.junit.runner.RunWith;
34 
35 // CVE-2023-21261 includes fix for CVE-2022-27406.
36 // Hence checking for both the vulnerabilties
37 @RunWith(DeviceJUnit4ClassRunner.class)
38 public class CVE_2023_21261 extends NonRootSecurityTestCase {
39 
40     // b/271680254
41     // Vulnerability Behaviour : SIGSEGV in self
42     // Vulnerable Library      : libft2.so (As per AOSP code)
43     // Vulnerable Function     : FT_Request_Size (As per AOSP code)
44     // Is Play managed         : No
45     @AsbSecurityTest(cveBugId = 271680254)
46     @Test
testPocCVE_2023_21261()47     public void testPocCVE_2023_21261() {
48         try {
49             String binaryName = "CVE-2023-21261";
50             String inputFile = "cve_2023_21261.ttf";
51 
52             TombstoneUtils.Config crashConfig =
53                     new TombstoneUtils.Config()
54                             .setProcessPatterns(binaryName)
55                             .setBacktraceIncludes(
56                                     new BacktraceFilterPattern("libft2.so", "FT_Request_Size"))
57                             .setSignals(TombstoneUtils.Signals.SIGSEGV)
58                             .setIgnoreLowFaultAddress(false);
59 
60             // Running the PoC for CVE-2022-27406
61             NativePoc.builder()
62                     .pocName(binaryName)
63                     .args("CVE-2022-27406", inputFile)
64                     .resources(inputFile)
65                     .asserter(assertNoCrash(crashConfig))
66                     .build()
67                     .run(this);
68         } catch (Exception e) {
69             assumeNoException(e);
70         }
71     }
72 }
73