sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Code

lib/fuzzing: add fuzzer for sddl_parse

Browse Source 
Apart from catching crashes in the actual parsing, we abort if the SD
we end up with will not round trip back through SDDL to an identical
SD.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall 2020-12-18 17:58:56 +13:00 committed by Andrew Bartlett
parent dc96e9cfd5
commit 9ab0d65fc0
2 changed files with 70 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
lib/fuzzing/fuzz_sddl_parse.c Normal file
View File

@ -0,0 +1,65 @@
/*
Fuzz sddl decoding and encoding
Copyright (C) Catalyst IT 2023
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "libcli/security/security.h"
#include "fuzzing/fuzzing.h"
#define MAX_LENGTH (100 * 1024 - 1)
static char sddl_string[MAX_LENGTH + 1] = {0};
static struct dom_sid dom_sid = {0};
int LLVMFuzzerInitialize(int *argc, char ***argv)
{
string_to_sid(&dom_sid,
"S-1-5-21-2470180966-3899876309-2637894779");
return 0;
}
int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
{
TALLOC_CTX *mem_ctx = NULL;
struct security_descriptor *sd1 = NULL;
struct security_descriptor *sd2 = NULL;
char *result = NULL;
bool ok;
if (len > MAX_LENGTH) {
return 0;
}
memcpy(sddl_string, input, len);
sddl_string[len] = '\0';
mem_ctx = talloc_new(NULL);
sd1 = sddl_decode(mem_ctx, sddl_string, &dom_sid);
if (sd1 == NULL) {
goto end;
}
result = sddl_encode(mem_ctx, sd1, &dom_sid);
sd2 = sddl_decode(mem_ctx, result, &dom_sid);
ok = security_descriptor_equal(sd1, sd2);
if (!ok) {
abort();
}
end:
talloc_free(mem_ctx);
return 0;
}

5
lib/fuzzing/wscript_build
View File

@ -32,6 +32,11 @@ bld.SAMBA_BINARY('fuzz_reg_parse',
deps='fuzzing samba3-util smbconf REGFIO afl-fuzz-main',
fuzzer=True)
bld.SAMBA_BINARY('fuzz_sddl_parse',
source='fuzz_sddl_parse.c',
deps='fuzzing samba-security afl-fuzz-main',
fuzzer=True)
bld.SAMBA_BINARY('fuzz_nmblib_parse_packet',
source='fuzz_nmblib_parse_packet.c',
deps='fuzzing libsmb afl-fuzz-main',