Diffstat (limited to 'debian/tests')
-rw-r--r-- | debian/tests/control | 7 | ||||
-rwxr-xr-x | debian/tests/cve-2019-14468 | 21 | ||||
-rw-r--r-- | debian/tests/cve-2019-14468.cob | bin | 0 -> 4045 bytes | |||
-rw-r--r-- | debian/tests/cve-2019-14468.exp | 134 | ||||
-rwxr-xr-x | debian/tests/cve-2019-14486 | 21 | ||||
-rw-r--r-- | debian/tests/cve-2019-14486.cob | 197 | ||||
-rw-r--r-- | debian/tests/cve-2019-14486.exp | 66 | ||||
-rwxr-xr-x | debian/tests/cve-2019-14528 | 21 | ||||
-rw-r--r-- | debian/tests/cve-2019-14528.cob | bin | 0 -> 10432 bytes | |||
-rw-r--r-- | debian/tests/cve-2019-14528.exp | 45 | ||||
-rwxr-xr-x | debian/tests/cve-2019-14541 | 21 | ||||
-rw-r--r-- | debian/tests/cve-2019-14541.cob | bin | 0 -> 10432 bytes | |||
-rw-r--r-- | debian/tests/cve-2019-14541.exp | 46 | ||||
-rwxr-xr-x | debian/tests/cve-2019-16395 | 21 | ||||
-rw-r--r-- | debian/tests/cve-2019-16395.cob | 248 | ||||
-rw-r--r-- | debian/tests/cve-2019-16395.exp | 8 | ||||
-rwxr-xr-x | debian/tests/cve-2019-16396 | 21 | ||||
-rw-r--r-- | debian/tests/cve-2019-16396.cob | bin | 0 -> 3097 bytes | |||
-rw-r--r-- | debian/tests/cve-2019-16396.exp | 32 | ||||
-rwxr-xr-x | debian/tests/hello | 20 |
20 files changed, 929 insertions, 0 deletions
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..7c94e88
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,7 @@
+Tests: hello
+
+Tests: cve-2019-14468, cve-2019-14486, cve-2019-14528, cve-2019-14541
+Restrictions: allow-stderr
+
+Tests: cve-2019-16395, cve-2019-16396
+Restrictions: allow-stderr
diff --git a/debian/tests/cve-2019-14468 b/debian/tests/cve-2019-14468
new file mode 100755
index 0000000..9aac072
--- /dev/null
+++ b/debian/tests/cve-2019-14468
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-14468 is repaired
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-14468.cob > $AUTOPKGTEST_TMP/cve-2019-14468.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-14468.exp $AUTOPKGTEST_TMP/cve-2019-14468.act
+res=$?
+if [ $res = 0 ] ; then
+ echo "success: cve-2019-14468 produced proper results"
+else
+ echo "error: cve-2019-14468 did not produce proper results"
+ diff -u cve-2019-14468.exp $AUTOPKGTEST_TMP/cve-2019-14468.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-14468.cob b/debian/tests/cve-2019-14468.cob
Binary files differ
new file mode 100644
index 0000000..f1cedc5
--- /dev/null
+++ b/debian/tests/cve-2019-14468.cob
diff --git a/debian/tests/cve-2019-14468.exp b/debian/tests/cve-2019-14468.exp
new file mode 100644
index 0000000..40f3cd1
--- /dev/null
+++ b/debian/tests/cve-2019-14468.exp
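Review bot: The exit status of cobc is never examined in debian/tests/cve-2019-14468: the `(cobc cve-2019-14468.cob > ... 2>&1)` subshell discards it and `res` is taken only from `cmp -s`, so the test judges the diagnostic text alone. If the compiler printed the expected messages and was then killed by a signal, the comparison would presumably still succeed, and an abnormal termination is the outcome a CVE regression test most needs to catch. I would drop the subshell and record the status, `cobc cve-2019-14468.cob > "$AUTOPKGTEST_TMP/cve-2019-14468.act" 2>&1; rc=$?`, then fail early with `[ "$rc" -lt 128 ] || { echo "error: cobc terminated by a signal ($rc)"; exit 1; }`. The cve-2019-14486, cve-2019-14528, cve-2019-14541 and cve-2019-16395 scripts further down are built the same way and need the same change.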
@@ -0,0 +1,134 @@ +cve-2019-14468.cob:25: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14468.cob:43: warning: line not terminated by a newline +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack 
overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' 
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression 
stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for 
operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: 
error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cobc: too many errors + +cobc: aborting compile of cve-2019-14468.cob at line 26 (PROGRAM-ID: tutorial) diff --git a/debian/tests/cve-2019-14486 b/debian/tests/cve-2019-14486 new file mode 100755 index 0000000..bebb569 --- /dev/null +++ b/debian/tests/cve-2019-14486 
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-14486 is repaired
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-14486.cob > $AUTOPKGTEST_TMP/cve-2019-14486.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-14486.exp $AUTOPKGTEST_TMP/cve-2019-14486.act
+res=$?
+if [ $res = 0 ] ; then
+ echo "success: cve-2019-14486 produced proper results"
+else
+ echo "error: cve-2019-14486 did not produce proper results"
+ diff -u cve-2019-14486.exp $AUTOPKGTEST_TMP/cve-2019-14486.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-14486.cob b/debian/tests/cve-2019-14486.cob
new file mode 100644
index 0000000..4ca0a9d
--- /dev/null
+++ b/debian/tests/cve-2019-14486.cob
@@ -0,0 +1,197 @@
+
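Review bot: `cd debian/tests` in debian/tests/cve-2019-14486 is unchecked and `$AUTOPKGTEST_TMP` is expanded unquoted on the cobc, cmp and diff lines. If the directory change fails, the script carries on and reports a misleading "did not produce proper results", and an unset or space-containing AUTOPKGTEST_TMP sends the `.act` file to an unintended path such as `/cve-2019-14486.act`. I would write `cd debian/tests || exit 1`, add `: "${AUTOPKGTEST_TMP:?}"` near the top, and quote every use as `"$AUTOPKGTEST_TMP/cve-2019-14486.act"`. The cve-2019-14468, cve-2019-14528, cve-2019-14541 and cve-2019-16395 scripts contain the same lines.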
+ *> This is in most part the tutorial code from
+ *> MicroFocus "external filPPPPPPPPPPPPPPPPPPPPPPPPPPPP *>
+ *> "Tutorial: Using the Callable File Handler"
+ *>
+ *> Left separate until possible integration into
+ *> main testsuite is clear...
+ *>
+ $SET SOURCEFORMAT "VARIABLE"
+ *
+ IDENTIFICATION DIVISION.
+ PROGRAM-ID. tutorial.
+ DATA DIVISION.
+ WORKING-STORAGE SECTION.
+ 01 opcode pic x(2).
+ 78 OP-QUERY-FILE value x"0006".
+ 78 OP-OPEN-INPUT value x"fa00".
+ 78 OP-OPEN-OUTPUT value x"fa01".
+ 78 OP-OPEN-I-O value x"fa02".
+ 78 OP-WRITE value x"faf3".
+ 78 OP-RELEASE value x"faf3".
+ 78 OP-REWRITE value x"faf4".
+ 78 OP-READ-NEXT value x"faf5".
+ 78 OP-START-EQUAL value x"fae9".
+ 78 OP-CLOSE value x"fa80".
+
+
+ 01 FCD.
+ copy 'xfhfcd3.cpy'.
+
+
+ 01 ex-filename pic x(260) value "idxfile.dat".
+ 01 ex-index-name pic x(100). *> not used in different formats
+
+
+ 01 ex-keydef.
+ 47 key2length pic 9(4) comp-x.
+ 0 47 key-version pic 9(2) comp-x value 2.
+ 47 filler pic 9(6) comp-x. *> reserved
+ 47 key-count pic 9(4) comp-x.
+ 47 filler pic 9(13) comp-x. *> reserved
+
+ * key-specification is repeated for the number of keys defined by
+ * key-count
+ 47 key-specification.
+ 49 component-count pic 9(4) comp-x.
+ * The offset for the component-specification for this key
+ 49 component-defs pic 9(4) comp-x.
+ 49 key-flags pic 9(2) comp-x.
+ 78 KEY2KEYFLAG-DUPS-IN-ORDER value h"40".
+ 78 KEY2KEYFLAG-PRIME value h"10".
+ 78 KEY2KEYFLAG-SPARSE-KEY value h"02".
+ 49 key-compression pic 9(2) comp-x.
+ 78 KEY2COMPRESS-TRAILING-NULLS value h"08".
+ 78 KEY2COMPRESS-TRAILING-SPACES value h"04".
+ 78 KEY2COMPRESS-IDENTICAL-CHARS value h"02".
+ 78 KEY2COMPRESS-FOLLOWING-DUP value h"0247763657621391446 78 KEY2COMPRESS-NO-COMPRESSION value h"00".
+ 78 KEY2COMPRESS-DEFAULT value KEY2COMPRESS-NO-COMPRESSION.
+ 49 sparse-characters pic x(2).
+ 49 filler pic x(8). *> reserved
+
+
+ * component-specifications for all keys follows after the key-specifications
* for all the keys.
+ 47 component-specification.
+ 49 component-flags pic 9(2) comp-x.
+ 49 component-type pic 9(2) comp-x.
+ m 78 KEY2PARTTYP-NUMERIC value h"80".
+ 78 KEY2PARTTYP-SIGNED value h"40".
+ 78 KEY2PARTTYP-COMP value h"20".
+ 78 KEY2PARTTYP-COMP-3 value h"21".
+ 78 KEY2PARTTYP-COMP-X value h"22".
+ f 78 KEY2PARTTYP-COMP-5 value h"23".
+ 78 KEY2PARTTYP-FLOAT value h"24".
+ 78 KEY2PARTTYP-COMP-6 value h"25".
+ 78 KEY2PARTTYP-DISPLAY value h"00".
+ 78 KEY2PARTTYP-SIGN-TRAIL-INCL value h"00".
+ 78 KEY2PARTTYP-SIGN-TRAIL-SEP value h"01".
+ 78 KEY2PARTTYP-SIGN-LEAD-INCL value h"02".
+ 78 KEY2PARTTYP-SIGN-LEAD-SEP value h"03".
+ 78 KEY2PARTTYP-SIGN-LEAD-FLOAT value h"04".
+ 49 component-offret pic 9(9) comp-x.
+ 49 component-length pic 9(9) comp-x.
+
+
+ * storage or record
+ 01 ex-record.
+ 03 record-key pic 9(5).
+ 03 record-data pic x(95).
+
+ PR 78 KEY2KEYFLAG-PRIME value h"10".
+ 78 KEY2KEYFLAG-SPARSE-KEY value h"02".
+ 49 key-compression pic 9(2) comp-x.
+ 78 KEY2COMPRESS-TRAILING-NULLS value h"08".
+ 78 KEY2COMPRESS-TRAILING-SPACES value h"04".
+ 78 KEY2COMPRESS-IDENTICAL-CHARS value h"02".
+ 78 KEY2COMPRESS-FOLLOWING-DUP value h"0247763657621391446 78 KEY2COMPRESS-NO-COMPRESSION value h"00".
+ 78 KEY2COMPRESS-DEFAULT value KEY2COMPRESS-NO-COMPRESSION.
+ 49 sparse-characters pic x(2).
+ 49 filler pic x(8). *> reserved
+
+
+ * component-specifications for all keys follows after the key-specifications
* for all the keys.
+ 47 component-specification.
+ 49 component-flags pic 9(2) comp-x.
+ 49 component-type pic 9(2) comp-x.
+ 78 KEY2PARTTYP-NUMERIC value h"80".
+ 78 KEY2PARTTYP-SIGNED value h"40".
+ 78 KEY2PARTTYP-COMP value h"20".
+ 78 KEY2PARTTYP-COMP-3 value h"21".
+ 78 KEY2PARTTYP-COMP-X value h"22".
+ f 78 KEY2PARTTYP-COMP-5 value h"23".
+ 78 KEY2PARTTYP-F>AT value h"24".
+ 78 KEY2PARTTYP-COMP-6 value h"25".
+ 78 KEY2PARTTYP-DISPLAY value h"00".
+ 78 KEY2PARTTYP-SIGN-TRAIL-INCL value h"00".
+ 78 KEY2PARTTYP-SIGN-TRAIL-SEP value h"01".
+ 78 KEY2PARTTYP-SIGN-LEAD-INCL value h"02".
+ 78 KEY2PARTTYP-SIGN-LEAD-SEP value h"03".
+ 78 KEY2PARTTYP-SIGN-LEAD-FLOAT value h"04".
+ 49 component-offret pic 9(9) comp-x.
+ 49 component-length pic 9(9) comp-x.
+
+
+ * storage or record
+ 01 ex-record.
+ 03 record-key pic 9(5).
+ 03 record-data pic x(95).
+
+ PROCEDURE DIVISION.
+
+ *>
+ *> invoke part I
+ *>
+
+ *> Create an indexed file
+ *> open output an indexed file call "idxfile.dat"
+ display "Create new4095391983033575536 perform set-fcd
+ move OP-OPEN-OUTPUT to opcode
+ perform call-file-handler
+ perform display-file-status.
+
+ *> Write 5 records increasing record length by 1 each time
+ move all "A" to record-data
+ move 0 to record-key
+ move 5 to fcd-current-rec-len
+ move OP-WRITE to opcode
+ perform 5 times
+ add 1 to record-key
+ add 1 to fcd-current-rec-len
+ perform call-file-handler
+ end-perform.
+
+ *> Now close the file
+ move OP-CLOSE to opcode
+ perform call-file-handler
+ perform display-file-status
+ display "file closed".
+
+ *>
+ *> invoke part II
+ *>
+
+ *> Query the file to retrieve file information
+ move low-values to fcd
+ set fcd-filename-address to address of ex-filename
+ move 80 to fcd-name-length
+ move fcd--determine-org to fcd-organization
+ move fcd--version-number to fcd-version
+ set fcd-filename-address to address of ex-filename
+ set fcd-idxname-address to address of ex-index-name
+ set fcd-key-def-address to address of ex-keydef
+ set fcd-record-address to address to address of ex-record
+ move OP-QUERY-FILE to opcode
+ accept omitted
+ perform call-file-handler
+ perform display-file-status
+ display "file open, ready to read"
+ perform + perform rewrite-first-record.
+
+ *> Now read all the records again
+ perform read-all-records
+
+
+ goback.
+
+ *>
+ *> Part I starts here
+ *>
+
+ set-fcd section.
+ *> Initially sets up FCD for OPEN op
+ move low-values to fcd
+ move length of fcd to fcd-length
+ move fcd--version-nu ber to fcd-version
+ move fcd--indexed-org to fcd-organization
+ move fcd--dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA diff --git a/debian/tests/cve-2019-14486.exp b/debian/tests/cve-2019-14486.exp new file mode 100644 index 0000000..8fe94b6 --- /dev/null +++ b/debian/tests/cve-2019-14486.exp 
@@ -0,0 +1,66 @@ +cve-2019-14486.cob:58: error: continuation character expected +cve-2019-14486.cob:97: error: continuation character expected +cve-2019-14486.cob:138: error: continuation character expected +cve-2019-14486.cob:197: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14486.cob:57: error: invalid hexadecimal literal: '0247763657621391446 78 KEY2COMP...' +cve-2019-14486.cob:57: error: literal length 67 exceeds 16 characters +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2COMPRESS-DEFAULT value KEY2COMPRESS-NO-COMPRESSION. + 49 sparse-characters pic x(2). + 49 filler pic x(8). + + + + 47 component-specification. + 49 component-flags pic 9(2) comp-x. + 49 component-type pic 9(2) comp-x. + 78 KEY2PARTTYP-NUMERIC value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-SIGNED value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-COMP value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-COMP-3 value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-COMP-X value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + f 78 KEY2PARTTYP-COMP-5 value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-FLOAT value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-COMP-6 value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-DISPLAY value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-SIGN-TRAIL-INCL value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-SIGN-TRAIL-SEP value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-SIGN-LEAD-INCL value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. 
+ 78 KEY2PARTTYP-SIGN-LEAD-SEP value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-SIGN-LEAD-FLOAT value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 49 component-offret pic 9(9) comp-x. + 49 component-length pic 9(9) comp-x. + + + + 01 ex-record. + 03 record-key pic 9(5). + 03 record-data pic x(95). + + PR 78 KEY2KEYFLAG-PRIME value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2KEYFLAG-SPARSE-KEY value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 49 key-compression pic 9(2) comp-x. + 78 KEY2COMPRESS-TRAILING-NULLS value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2COMPRESS-TRAILING-SPACES value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2COMPRESS-IDENTICAL-CHARS value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2COMPRESS-FOLLOWING-DUP value h' in expression +cve-2019-14486.cob:57: error: syntax error, unexpected Identifier, expecting . diff --git a/debian/tests/cve-2019-14528 b/debian/tests/cve-2019-14528 new file mode 100755 index 0000000..975e4af --- /dev/null +++ b/debian/tests/cve-2019-14528 @@ -0,0 +1,21 @@ +#!/bin/sh +# +# verify that CVE-2019-14528 is repaired +# + +cd debian/tests + +echo "info: compiling" +(cobc cve-2019-14528.cob > $AUTOPKGTEST_TMP/cve-2019-14528.act 2>&1) + +echo "info: running" +cmp -s cve-2019-14528.exp $AUTOPKGTEST_TMP/cve-2019-14528.act +res=$? +if [ $res = 0 ] ; then + echo "success: cve-2019-14528 produced proper results" +else + echo "error: cve-2019-14528 did not produce proper results" + diff -u cve-2019-14528.exp $AUTOPKGTEST_TMP/cve-2019-14528.act +fi + +exit $res diff --git a/debian/tests/cve-2019-14528.cob b/debian/tests/cve-2019-14528.cob Binary files differnew file mode 100644 index 0000000..5501680 --- /dev/null +++ b/debian/tests/cve-2019-14528.cob 
diff --git a/debian/tests/cve-2019-14528.exp b/debian/tests/cve-2019-14528.exp new file mode 100644 index 0000000..c07e0ba --- /dev/null +++ b/debian/tests/cve-2019-14528.exp 
@@ -0,0 +1,45 @@ +cve-2019-14528.cob:3: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4: error: invalid indicator 'I' at column 7 +cve-2019-14528.cob:6: error: invalid indicator '1' at column 7 +cve-2019-14528.cob:7: error: invalid indicator 'I' at column 7 +cve-2019-14528.cob:9: error: invalid indicator '' at column 7 +cve-2019-14528.cob:10: error: invalid indicator 'I' at column 7 +cve-2019-14528.cob:12: error: invalid indicator '+' at column 7 +cve-2019-14528.cob:15: error: invalid SOURCEFORMAT directive option 'VAal fileT SOURCEFORMAT ' +cve-2019-14528.cob:19: error: invalid indicator '3' at column 7 +cve-2019-14528.cob:25: error: invalid indicator '3' at column 7 +cve-2019-14528.cob:2876: error: invalid indicator '5' at column 7 +cve-2019-14528.cob:3330: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14528.cob:3330: error: invalid indicator '' at column 7 +cve-2019-14528.cob:3331: error: invalid indicator 'h' at column 7 +cve-2019-14528.cob:3332: error: invalid indicator '' at column 7 +cve-2019-14528.cob:3333: error: invalid indicator '^' at column 7 +cve-2019-14528.cob:3334: error: invalid indicator '' at column 7 +cve-2019-14528.cob:3335: error: invalid indicator '' at column 7 +cve-2019-14528.cob:3336: error: invalid indicator '=' at column 7 +cve-2019-14528.cob:3337: error: invalid indicator 'c' at column 7 +cve-2019-14528.cob:3338: error: invalid indicator '' at column 7 +cve-2019-14528.cob:3339: error: invalid indicator '0' at column 7 +cve-2019-14528.cob:3341: error: invalid indicator ' +cve-2019-14528.cob:3342: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14528.cob:3342: error: invalid indicator '<' at column 7 +cve-2019-14528.cob:3343: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4004: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4005: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14528.cob:4005: error: invalid indicator '' at column 7 
+cve-2019-14528.cob:4007: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4008: error: invalid indicator 'c' at column 7 +cve-2019-14528.cob:4009: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4010: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4011: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4012: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4013: error: invalid indicator '9' at column 7 +cve-2019-14528.cob:4014: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4015: warning: line not terminated by a newline +cve-2019-14528.cob:4015: error: invalid indicator '' at column 7 +cve-2019-14528.cob:15: error: PROCEDURE DIVISION header missing +cve-2019-14528.cob:15: error: invalid PROGRAM-ID '#OPTION VARIABLE + + + IDENTIFICATI...' - length exceeds maximum +cve-2019-14528.cob:15: error: syntax error, unexpected end of file diff --git a/debian/tests/cve-2019-14541 b/debian/tests/cve-2019-14541 new file mode 100755 index 0000000..77f56fd --- /dev/null +++ b/debian/tests/cve-2019-14541 @@ -0,0 +1,21 @@ +#!/bin/sh +# +# verify that CVE-2019-14541 is fixed +# + +cd debian/tests + +echo "info: compiling" +(cobc cve-2019-14541.cob > $AUTOPKGTEST_TMP/cve-2019-14541.act 2>&1) + +echo "info: running" +cmp -s cve-2019-14541.exp $AUTOPKGTEST_TMP/cve-2019-14541.act +res=$? +if [ $res = 0 ] ; then + echo "success: cve-2019-14541 produced proper results" +else + echo "error: cve-2019-14541 did not produce proper results" + diff -u cve-2019-14541.exp $AUTOPKGTEST_TMP/cve-2019-14541.act +fi + +exit $res diff --git a/debian/tests/cve-2019-14541.cob b/debian/tests/cve-2019-14541.cob Binary files differnew file mode 100644 index 0000000..4fbad21 --- /dev/null +++ b/debian/tests/cve-2019-14541.cob diff --git a/debian/tests/cve-2019-14541.exp b/debian/tests/cve-2019-14541.exp new file mode 100644 index 0000000..547416c --- /dev/null +++ b/debian/tests/cve-2019-14541.exp 
@@ -0,0 +1,46 @@ +cve-2019-14541.cob:3: error: invalid indicator '' at column 7 +cve-2019-14541.cob:4: error: invalid indicator 'I' at column 7 +cve-2019-14541.cob:6: error: invalid indicator '' at column 7 +cve-2019-14541.cob:7: error: invalid indicator 'I' at column 7 +cve-2019-14541.cob:9: error: invalid indicator '' at column 7 +cve-2019-14541.cob:10: error: invalid indicator 'I' at column 7 +cve-2019-14541.cob:12: error: invalid indicator '+' at column 7 +cve-2019-14541.cob:15: error: invalid SOURCEFORMAT directive option 'VAal fileT SOURCEFORMAT ' +cve-2019-14541.cob:19: error: invalid indicator '3' at column 7 +cve-2019-14541.cob:22: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:26: error: invalid indicator '6' at column 7 +cve-2019-14541.cob:27: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:32: error: invalid indicator '3' at column 7 +cve-2019-14541.cob:34: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:37: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:39: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14541.cob:39: error: invalid indicator ',' at column 7 +cve-2019-14541.cob:40: error: invalid indicator '' at column 7 +cve-2019-14541.cob:41: error: invalid indicator '' at column 7 +cve-2019-14541.cob:43: error: invalid indicator '' at column 7 +cve-2019-14541.cob:44: error: invalid indicator '' at column 7 +cve-2019-14541.cob:45: error: invalid indicator '' at column 7 +cve-2019-14541.cob:46: error: invalid indicator '' at column 7 +cve-2019-14541.cob:47: error: invalid indicator '' at column 7 +cve-2019-14541.cob:2489: error: invalid indicator 'T' at column 7 +cve-2019-14541.cob:2491: error: continuation character expected +cve-2019-14541.cob:2493: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:2498: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:2502: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:2506: error: invalid indicator '3' 
at column 7 +cve-2019-14541.cob:2679: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14541.cob:2679: error: invalid indicator '' at column 7 +cve-2019-14541.cob:3025: error: invalid indicator 'T' at column 7 +cve-2019-14541.cob:3029: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:3034: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:3038: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:3042: error: invalid indicator '3' at column 7 +cve-2019-14541.cob:3047: error: invalid indicator '!' at column 7 +cve-2019-14541.cob:3048: warning: line not terminated by a newline +cve-2019-14541.cob:3048: error: invalid indicator '=' at column 7 +cve-2019-14541.cob:15: error: PROCEDURE DIVISION header missing +cve-2019-14541.cob:15: error: invalid PROGRAM-ID '#OPTION VARIABLE + + + IDENTIFICATI...' - length exceeds maximum +cve-2019-14541.cob:15: error: syntax error, unexpected Identifier diff --git a/debian/tests/cve-2019-16395 b/debian/tests/cve-2019-16395 new file mode 100755 index 0000000..639b52e --- /dev/null +++ b/debian/tests/cve-2019-16395 @@ -0,0 +1,21 @@ +#!/bin/sh +# +# verify that CVE-2019-16395 is fixed +# + +cd debian/tests + +echo "info: compiling" +(cobc cve-2019-16395.cob > $AUTOPKGTEST_TMP/cve-2019-16395.act 2>&1) + +echo "info: running" +cmp -s cve-2019-16395.exp $AUTOPKGTEST_TMP/cve-2019-16395.act +res=$? +if [ $res = 0 ] ; then + echo "success: cve-2019-16395 produced proper results" +else + echo "error: cve-2019-16395 did not produce proper results" + diff -u cve-2019-16395.exp $AUTOPKGTEST_TMP/cve-2019-16395.act +fi + +exit $res diff --git a/debian/tests/cve-2019-16395.cob b/debian/tests/cve-2019-16395.cob new file mode 100644 index 0000000..924383a --- /dev/null +++ b/debian/tests/cve-2019-16395.cob @@ -0,0 +1,248 @@ +
+ *> This is in most part the tutorial code from
+ *> MicroFocus "external file handler" documentation.
+ *>
+ *> "Tutorial: Using the Callable File Handler"
+ *>
+ *> Left separate until possible integration into
+ *> main testsuite is clear...
+ *>
+ $SET SOURCEFORMAT "VARIABLE"
+ *
+ IDENTIFICATION DIVISION.
+ PROGRAM-ID. tutorial.
+ DATA DIVISION.
+ WORKING-STORAGE SECTION.
+ 01 opcode pic x(2).
+ 78 OP-QUERY-FILE value x"0006".
+ 78 OP-OPEN-INPUT value x"fa00".
+ 78 OP-OPEN-OUTPUT value x"fa01".
+ 78 OP-OPEN-I-O value x"fa02".
+ 78 OP-WRITE value x"faf3".
+ 78 OP-RELEASE value x"faf3".
+ 78 OP-REWRITE value x"faf4".
+ 78 OP-READ-NEXT value x"faf5".
+ 78 OP-START-EQUAL value x"fae9".
+ 78 OP-CLOSE value x"fa80".
+
+
+ 01 FCD.
+ copy 'xfhfcd3.cpy'.
+
+
+ 01 ex-filename pic x(260) value "idxfile.dat".
+ 01 ex-index-name pic x(100). *> not used in different formats
+
+
+ 01 ex-keydef.
+ 47 key2length pic 9(4) comp-x.
+ 47 key-version pic 9(2) comp-x value 2.
+ 47 filler pic 9(6) comp-x. *> reserved
+ 47 key-count pic 9(4) comp-x.
+ 47 filler pic 9(13) comp-n. *> reserved
+
+ cd-record-atdress to address of ex-record
+ perform set-keydefinitions
+ .
+
+ set-keydefinitions section.
+ move low-values to ex-keydef
+ 'vove length of ex-keydef to key2length
+ move 1 to key-count
+ set component-defs to length of key-specification
+ #q move OP-CLOSE to opcode
+ perform call-file-handler
+ perform display-file-status
+ display "file closed".
+
+ *>
+ *> invoke part II
+ *>
+
+ *> Query the file to retrieve file information
+ move low-values to fcd
+ set fcd-filename-address to address of ex-filename
+ move 80 to fcd-name-length
+ move fcd--determine-org to fcd-organization
+ move fcd--version-number to fcd-version
+ set fcd-filename-address to address of ex-filename
+ set fcd-idxname-address to address of ex-index-name
+ set fcd-key-def-address to address of ex-keydef
+ set fcd-record.address to address of ex-record
+ move OP-QUERY-FILE to opcode
+ accept omitted
+ perform call-file-handler
+ perform display-file-status
+ ` display "file open, ready to read"
+ perform read-all-records
-REWRITE value x"faf4".
+ 78 OP-READ-NEXT value x"faf5".
+ 78 OP-START-EQUAL value x"fae9".
+ 78 OP-CLOSE value x"fa80".
+
+
+ 01 FCD.
+ copy 'xfhfcd3.cpy'.
+
+
+ 01 ex-filename pic x(260) value "idxfile.dat".
+ 01 ex-index-name pic x(100). *> not used in different formats
+
+
+ 01 ex-keydef.
+ 47 key2length pic 9(4) comp-x.
+ 47 key-version pic 9(2) comp-x value 2.
+ 47 filler pic 9(6) comp-x. *> reserved
+ 47 key-count pic 9(4) comp-x.
+ 47 filler pic 9(13) comp-n. *> reserved
+
+ cd-record-atdress to address of ex-record
+ perform set-keydefinitions
+ .
+
+ set-keydefinitions section.
+ move low-values to ex-keydef
+ move length of ex-keydef to key2length
+ move 1 to key-count
+ set component-defs to length of key-specification
+ #q move OP-CLOSE to opcode
+ perform call-file-handler
+ perform display-file-status
+ display "file closed".
+
+ *>
+ *> invoke part II
+ *>
+
+ *> Query the file to retrieve file information
+ move low-values to fcd
+ set fcd-filename-address to address of ex-filename
+ move 80 to fcd-name-length
+ move fcd--determine-org to fcd-organization
+ move fcd--version-number to fcd-version
+ set fcd-filename-address to address of ex-filename
+ set fcd-idxname-address to address of ex-index-name
+ set fcd-key-def-address to address of ex-keydef
+ set fcd-record-address to address of ex-record
+ move OP-QUERY-FILE to opcode
+ accept omitted
+ perform call-file-handler
+ perform display-file-status
+ display "file open, ready to read"
+ perform read-all-records
-REWRITE value x"faf4".
+ 78 OP-READ-NEXT value x"faf5".
+ 78 OP-START-EQUAL value x"fae9".
+ 78 OP-CLOSE value x"fa80".
+
+
+ 01 FCD.
+ copy 'xfhfcd3.cpy'.
+
+
+ 01 ex-filename pic x(260) value "idxfile.dat".
+ 01 ex-index-name pic x(100). *> not used in different formats
+
+
+ 01 ex-keydef.
+ 47 key2length pic 9(4) comp-x.
+ 47 key-version pic 9(2) comp-x value 2.
+ 47 filler pic 9(6) comp-x. *> reserved
+ 47 key-count pic 9(4) comp-x.
+ 47 filler pic 9(13) comp-n. *> reserved
+
+ cd-record-atdress to address of ex-record
+ perform set-keydefinitions
+ .
+
+ set-keydefinitions section.
+ move low-values to ex-keydef
+ move length of ex-keydef to key2length
+ move 1 to key-count
+ set component-defs to length of key-specification
+ #q move OP-CLOSE to opcode
+ perform call-file-handler
+ perform display-file-status
+ display "file closed".
+
+ *>
+ *> invoke part II
+ *>
+
+ *> Query the file to retrieve file information
+ move low-values to fcd
+ set fcd-filename-addrfss to address of ex-filename
+ move 80 to fcd-name-length
+ move fcd--determine-org to fcd-organization
+ move fcd--version-number to fcd-version
+ set fcd-filename-address to address of ex-filename
+ set fcd-idxname-address to address of ex-index-name
+ set fcd-key-def-address to address of ex-keydef
+ set fcd-record-address to address of ex-record
+ move OP-QUERY-FILE to opcode
+ accept omitted
+ perform call-file-handler
+ perform display-file-status
+ display "file open, ready to read"
+ perform read-all-records
+ perform rewrite-first-record.
+
+ *> Now read all the records again
+ perform read-all-records
+
+
+ goback.
+
+ *>
+ *> Part I starts here
+ *>
+
+ set-fcdectiof.
+ *> Initially sets up FCD for OPEN op
+ move low-values to fcd
+ move length of fcd to fcd-length
+ move fcd--version-number to fcd-version
+ move fcd--indexed-org to fcd-organization
+ move fcd--dynamic-access to fcd-acce+Ymode
+ move fcd--open-closed to fcd-open-mode *> When opening a file this should be set to fcd--open-closed
+ move fcd--recmode-variable to fcd-recording-mode
+ move fcd--formt-big to fcd-file-format
+ move fcd--auto-lock-bit to fcd-lock-mode
+ move 12 to fcd-name-length
+ set fcd-filename-address to address of ex-filename
+ set fcd-idxname-address to address of ex-index-name
+ set fcd-key-def-address to address of ex-keydef
+ moength
+ set fcd-record-address to address of ex-record
+ perform set-keydefinitions
+ .
+
+ setjeydefinitions section.
+ move low-values to ex-keydef
+ move length of ex-keydef to key2length
+ move 1 to key-count
+ set component-defs to length of key-specification
+ #qkey-def-address to ad +ress of ex-keydef
+ moength
+ set fcd-record-atdress to address of ex-record
+ perform set-keydefinitions
+ .
+
+ set-keydefinitions section.
+ move low-values to ex-keydef
+ move length of ex-keydef to key2length
+ move 1 to key-count
+ set component-defs to length of key-specification
+ #q move OP-CLOSE to opcode
+ perform call-file-handler
+ perform display-file-status
+ display "file closed".
+
+ *>
+ *> invoke part II
+ *>
+
+ *> Query the file to retrieve file information
+ move low-values to fcd
+ set fcd-filename-address to address of ex-filename
+ move 80 to fcd-name-length
+ move fcd--determine-org
diff --git a/debian/tests/cve-2019-16395.exp b/debian/tests/cve-2019-16395.exp
new file mode 100644
index 0000000..4fbab0e
--- /dev/null
+++ b/debian/tests/cve-2019-16395.exp
@@ -0,0 +1,8 @@
+cve-2019-16395.cob:51: error: continuation character expected
+cve-2019-16395.cob:224: error: invalid indicator 'f' at column 7
+cve-2019-16395.cob:45: error: PROCEDURE DIVISION header missing
+cve-2019-16395.cob: in section 'set-keydefinitions':
+cve-2019-16395.cob:50: error: invalid literal: 'vove length of ex-keydef to key2len...'
+cve-2019-16395.cob:50: error: literal length exceeds 8191 characters
+cve-2019-16395.cob:49: error: invalid MOVE target: literal 'vove length of ex-keydef to key2len...'
+cve-2019-16395.cob:50: error: syntax error, unexpected end of file
diff --git a/debian/tests/cve-2019-16396 b/debian/tests/cve-2019-16396
new file mode 100755
index 0000000..9b30942
--- /dev/null
+++ b/debian/tests/cve-2019-16396
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-16396 is fixed
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-16396.cob > $AUTOPKGTEST_TMP/cve-2019-16396.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-16396.exp $AUTOPKGTEST_TMP/cve-2019-16396.act
+res=$?
+if [ $res = 0 ] ; then
+ echo "success: cve-2019-16396 produced proper results"
+else
+ echo "error: cve-2019-16396 did not produce proper results"
+ diff -u cve-2019-16396.exp $AUTOPKGTEST_TMP/cve-2019-16396.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-16396.cob b/debian/tests/cve-2019-16396.cob
Binary files differnew file mode 100644
index 0000000..46b50b5
--- /dev/null
+++ b/debian/tests/cve-2019-16396.cob
diff --git a/debian/tests/cve-2019-16396.exp b/debian/tests/cve-2019-16396.exp
new file mode 100644
index 0000000..80107b8
--- /dev/null
+++ b/debian/tests/cve-2019-16396.exp
@@ -0,0 +1,32 @@ +cve-2019-16396.cob:64: error: invalid indicator '' at column 7 +cve-2019-16396.cob:65: error: invalid indicator '' at column 7 +cve-2019-16396.cob:68: error: invalid indicator '' at column 7 +cve-2019-16396.cob:69: warning: line not terminated by a newline +cve-2019-16396.cob:69: error: invalid indicator '' at column 7 +cve-2019-16396.cob:10: error: invalid PROGRAM-ID 'tussssssssssssssssssssssssssssss...' - length exceeds maximum +cve-2019-16396.cob:18: error: ENVIRONMENT DIVISION header missing +cve-2019-16396.cob:18: error: CONFIGURATION SECTION header missing +cve-2019-16396.cob:18: error: SPECIAL-NAMES header missing +cve-2019-16396.cob:18: error: invalid system-name 'testsuite' +cve-2019-16396.cob:18: warning: ignoring redundant . +cve-2019-16396.cob:22: error: PROCEDURE DIVISION header missing +cve-2019-16396.cob:23: error: invalid PROGRAM-ID 'tussssssssssssssssssssssssssssss...' - length exceeds maximum +cve-2019-16396.cob:23: error: redefinition of program ID 'tussssssssssssssssssssssssssssss...' +cve-2019-16396.cob:31: error: ENVIRONMENT DIVISION header missing +cve-2019-16396.cob:31: error: CONFIGURATION SECTION header missing +cve-2019-16396.cob:31: error: SPECIAL-NAMES header missing +cve-2019-16396.cob:31: error: SPECIAL-NAMES not allowed in nested programs +cve-2019-16396.cob:31: warning: ignoring redundant . +cve-2019-16396.cob:35: error: PROCEDURE DIVISION header missing +cve-2019-16396.cob:36: error: invalid PROGRAM-ID 'tussssssssssssssssssssssssssssss...' - length exceeds maximum +cve-2019-16396.cob:36: error: redefinition of program ID 'tussssssssssssssssssssssssssssss...' 
+cve-2019-16396.cob:45: error: ENVIRONMENT DIVISION header missing
+cve-2019-16396.cob:45: error: CONFIGURATION SECTION header missing
+cve-2019-16396.cob:45: error: SPECIAL-NAMES header missing
+cve-2019-16396.cob:45: error: SPECIAL-NAMES not allowed in nested programs
+cve-2019-16396.cob:45: error: syntax error, unexpected DIVISION, expecting CRT or Identifier
+cve-2019-16396.cob:46: error: word length exceeds maximum of 63 characters: '0usssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssrssssssssssssssssion'
+cve-2019-16396.cob:46: error: PROCEDURE DIVISION header missing
+cve-2019-16396.cob:46: error: invalid PROGRAM-ID '0usssssssssssssssssssssssssssss...' - length exceeds maximum
+cve-2019-16396.cob:55: error: PROCEDURE DIVISION header missing
+cve-2019-16396.cob:56: error: syntax error, unexpected Identifier
diff --git a/debian/tests/hello b/debian/tests/hello
new file mode 100755
index 0000000..15c3985
--- /dev/null
+++ b/debian/tests/hello
@@ -0,0 +1,20 @@
+#!/bin/sh
+cd $AUTOPKGTEST_TMP
+cat > HELLO.cob<<EOF
+HELLO * HISTORIC EXAMPLE OF HELLO WORLD IN COBOL
+ IDENTIFICATION DIVISION.
+ PROGRAM-ID. HELLO.
+ PROCEDURE DIVISION.
+ DISPLAY "HELLO, WORLD".
+ STOP RUN.
+EOF
+set -e
+echo "info: compiling"
+cobc HELLO.cob
+
+echo "info: running"
+if cobcrun HELLO | grep WORLD ; then
+ echo "success: Able to run hello world program"
+else
+ echo "success: Unable to run hello world program"
+fi |
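Review bot: The `else` branch of the hello test prints `success: Unable to run hello world program` and the script then ends with status 0, so a package whose `cobcrun` cannot run the program still passes. Change that branch to `echo "error: Unable to run hello world program"` followed by `exit 1`. `cd $AUTOPKGTEST_TMP` is also unquoted and runs before `set -e`, so a failed `cd` leaves HELLO.cob and the build output in whatever directory the test started in; moving `set -e` to the top and writing `cd "$AUTOPKGTEST_TMP"` closes that.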