librpc ndr: Infinite loop parsing Suplemental creds

Fuzzing by Michael Hanselmann found an infinite loop parsing a malformed
supplemental credentials structure.  There are no server-side
network-accessible calls using this code.

This patch adds an ndrdump blackbox test to replicate the issue.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13874

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python/samba/tests/blackbox/ndrdump.py

@@ -261,3 +261,16 @@ dump OK
         # check_output will return bytes
         # convert expected to bytes for python 3
         self.assertEqual(actual, expected.encode('utf-8'))
+
+    def test_ndrdump_fuzzed_PackagesBlob(self):
+        expected = 'ndr_pull_string: ndr_pull_error\\(Buffer Size Error\\):'
+        command = (
+            "ndrdump drsblobs package_PackagesBlob struct --input='aw=='"
+            " --base64-input")
+        try:
+            actual = self.check_exit_code(command, 2)
+        except BlackboxProcessError as e:
+            self.fail(e)
+        # check_output will return bytes
+        # convert expected to bytes for python 3
+        self.assertRegex(actual.decode('utf8'), expected)

selftest/knownfail.d/bug-13874

@@ -0,0 +1 @@
+^samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_fuzzed_PackagesBlob\(none\)