mirror of
https://github.com/samba-team/samba.git
synced 2025-01-08 21:18:16 +03:00
blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
This actually reveals that ndr_push_string() for TargetName="" was failing before because it resulted in 1 byte for a subcontext with TargetLen=0. This is fixed now and we no longer expect ndrdump to exit with 1. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Jan 24 16:18:34 UTC 2022 on sn-devel-184
This commit is contained in:
Stefan Metzmacher
parent
43648e95a5
commit
12464bd4c2
@ -499,10 +499,9 @@ dump OK
|
||||
def test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE(self):
|
||||
expected = open(self.data_path("fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt")).read().encode('utf8')
|
||||
try:
|
||||
actual = self.check_exit_code(
|
||||
actual = self.check_output(
|
||||
"ndrdump --debug-stdout ntlmssp CHALLENGE_MESSAGE struct --validate --input " +\
|
||||
"'AAAACwIAAAAAJwIAAAAAAAcAAAAAAAAAAIAbhG8uyk9dAL0mQE73MAAAAAAAAAAA' --base64-input",
|
||||
1)
|
||||
"'AAAACwIAAAAAJwIAAAAAAAcAAAAAAAAAAIAbhG8uyk9dAL0mQE73MAAAAAAAAAAA' --base64-input")
|
||||
except BlackboxProcessError as e:
|
||||
self.fail(e)
|
||||
|
||||
|
||||
@ -1 +0,0 @@
|
||||
^samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE
|
||||
@ -38,6 +38,52 @@ pull returned Success
|
||||
TargetInfoLen : 0x0000 (0)
|
||||
TargetInfoMaxLen : 0x0000 (0)
|
||||
TargetInfo : NULL
|
||||
ndr_push_subcontext_end: ndr_push_error(Subcontext Error): Bad subcontext (PUSH) content_size 1 is larger than size_is(0) at ../../librpc/ndr/ndr.c:901
|
||||
push returned Subcontext Error
|
||||
validate push FAILED
|
||||
push returned Success
|
||||
pull returned Success
|
||||
CHALLENGE_MESSAGE: struct CHALLENGE_MESSAGE
|
||||
Signature : 'NTLMSSP'
|
||||
MessageType : NtLmChallenge (0x2)
|
||||
TargetNameLen : 0x0000 (0)
|
||||
TargetNameMaxLen : 0x0000 (0)
|
||||
TargetName : *
|
||||
TargetName : ''
|
||||
NegotiateFlags : 0x00000000 (0)
|
||||
0: NTLMSSP_NEGOTIATE_UNICODE
|
||||
0: NTLMSSP_NEGOTIATE_OEM
|
||||
0: NTLMSSP_REQUEST_TARGET
|
||||
0: NTLMSSP_NEGOTIATE_SIGN
|
||||
0: NTLMSSP_NEGOTIATE_SEAL
|
||||
0: NTLMSSP_NEGOTIATE_DATAGRAM
|
||||
0: NTLMSSP_NEGOTIATE_LM_KEY
|
||||
0: NTLMSSP_NEGOTIATE_NETWARE
|
||||
0: NTLMSSP_NEGOTIATE_NTLM
|
||||
0: NTLMSSP_NEGOTIATE_NT_ONLY
|
||||
0: NTLMSSP_ANONYMOUS
|
||||
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
|
||||
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
|
||||
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
|
||||
0: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
|
||||
0: NTLMSSP_TARGET_TYPE_DOMAIN
|
||||
0: NTLMSSP_TARGET_TYPE_SERVER
|
||||
0: NTLMSSP_TARGET_TYPE_SHARE
|
||||
0: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
|
||||
0: NTLMSSP_NEGOTIATE_IDENTIFY
|
||||
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
|
||||
0: NTLMSSP_NEGOTIATE_TARGET_INFO
|
||||
0: NTLMSSP_NEGOTIATE_VERSION
|
||||
0: NTLMSSP_NEGOTIATE_128
|
||||
0: NTLMSSP_NEGOTIATE_KEY_EXCH
|
||||
0: NTLMSSP_NEGOTIATE_56
|
||||
ServerChallenge : 00801b846f2eca4f
|
||||
Reserved : 5d00bd26404ef730
|
||||
TargetInfoLen : 0x0000 (0)
|
||||
TargetInfoMaxLen : 0x0000 (0)
|
||||
TargetInfo : NULL
|
||||
WARNING! orig and validated differ at byte 0x00 (0)
|
||||
WARNING! orig byte[0x00] = 0x00 validated byte[0x00] = 0x4E
|
||||
-[0000] 00 00 00 0B 02 00 00 00 00 27 02 00 00 00 00 00 ........ .'......
|
||||
+[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 00 00 00 00 NTLMSSP. ........
|
||||
-[0010] 07 00 00 00 00 00 00 00 00 80 1B 84 6F 2E CA 4F ........ ....o..O
|
||||
+[0010] 30 00 00 00 00 00 00 00 00 80 1B 84 6F 2E CA 4F 0....... ....o..O
|
||||
[0020] 5D 00 BD 26 40 4E F7 30 00 00 00 00 00 00 00 00 ]..&@N.0 ........
|
||||
dump OK
|
||||
|
||||
Loading…
Reference in New Issue
Block a user