From b0832d20163146e59586de5556a3ef75187f600f Mon Sep 17 00:00:00 2001 From: Gary Lockyer Date: Thu, 2 Apr 2020 15:25:53 +1300 Subject: [PATCH] CVE-2020-10704: libcli ldap: test recursion depth in ldap_decode_filter_tree Add tests to check that ASN.1 ldap requests with deeply nested elements are rejected. Previously there was no check on the on the depth of nesting and excessive nesting could cause a stack overflow. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett --- libcli/ldap/tests/data/10000-or.dat | Bin 0 -> 39875 bytes libcli/ldap/tests/data/ldap-recursive.dat | Bin 0 -> 970 bytes libcli/ldap/tests/ldap_message_test.c | 271 ++++++++++++++++++++++ libcli/ldap/wscript_build | 15 ++ selftest/knownfail.d/ldap_message | 2 + source4/selftest/tests.py | 2 + 6 files changed, 290 insertions(+) create mode 100644 libcli/ldap/tests/data/10000-or.dat create mode 100644 libcli/ldap/tests/data/ldap-recursive.dat create mode 100644 libcli/ldap/tests/ldap_message_test.c create mode 100644 selftest/knownfail.d/ldap_message diff --git a/libcli/ldap/tests/data/10000-or.dat b/libcli/ldap/tests/data/10000-or.dat new file mode 100644 index 0000000000000000000000000000000000000000..e2d6de2ce330e80d1c2f28854b3542b789de9834 GIT binary patch literal 39875 zcmW*aG4#R#066$u|ED4EH8eCdbcEc6xDZ0;au-4fA%vU|a@U>Qh1}H%A%u|sYxoYo z;Wsq=hThZA^BR7`Z)j*}XlQ6?XlQ6?Xy`p3-urz1iSa-D|NMi{Klo?I|M36)ulq;- z^`ZZtfAIeo3jHI&_#XzYT)J@X%&8Mc4jtIHXV;ExTQ+T2w`SFfWlI(IQ zO&B+3)QDk2!TA66@$Ji}5AWW*dhzVZqX+-|b??rt8-HB;?U#WomoA(;bLzyALkITl z*|lTamQ5Shty#5V*^)&I=FOQkW7?ES6UL1hHDcIMFkXIq`||0-yEm_1JbUu!!9Rc9 zyL0QtAJ=~SW#G!C3+K+9I&tLCfqi>+?bxOOVBelyJGO1v zv|-(vRV$V)S+ro@oLMubO_?-d+?Y`#h7ASd|HsF-FP}cVd-LkWvnP)p{PWknJGXB9 zaqYKX2CiJXaPG{h6Gsjm*tcibj%`~uZCJNv)rw_H7A=@JXV#2qQzlIqH)hm`VMD?A z|Nimq%cl?T-n@G8?8&1C|NM3D&aE4NT>I^pfh(6ToI7*s#F0Y>_U+lVW80QZ8`iB^ zwPM+lMGNN5nKfhDlt~lDjTtp!*ibNDe0=-z>BGA>uU&73~e*0zM z%B2hE&YU`N^tg$G0z^KD>ML>cz7sj~@K<*S$NpZv1iWw_gUXT)J@X z%&8Mc4jtIHXV;ExTQ+T2w`SFfWlI(IQO&B+3)QDk2!TA63@$Ji}5AWW* zdhzVZqX+-|b??rt8-HB;?U#WomoA(;bLzyALkITl*|lTamQ5Shty#5V*^)&I=FOQk zW7?ES6UL1hHDcIMFrI&W`||0-yEm_1JbUu!!9Rc9yL0QtAJ=~SW#G!C3+K+9I&tLC zfqi>+?bxOOVBelyJGO1vv|-(vRV$V)S+ro@oLMubO_?-d z+?Y`#h7ASd|I^2}FP}cVd-LkWvnP)p{PWknJGXB9aqYKX2CiJXaPG{h6Gsjm*tcib zj%`~uZCJNv)rw_H7A=@JXV#2qQzlIqH)hm`VMD?A|M>Ck%cl?T-n@G8?8&1C|NM3D z&aE4NT>I^pfh(6ToI7*s#F0Y>_U+lVW80QZ8`iB^wPM+lMGNN5nKfhDlt~lDjTtp! z*ibN@eSG`!>BGA>uU&73~e*0zM%B2hE&YU`N^ty z$G0z^KD>ML>cz7sj~@K<*S$NpZv1iWw_gUXT)J@X%&8Mc4jtIHXV;ExTQ+T2w`SFf zWlI(IQO&B+3)QDk2!T5jo@$Ji}5AWW*dhzVZqX+-|b??rt8-HB;?U#Wo zmoA(;bLzyALkITl*|lTamQ5Shty#5V*^)&I=FOQkW7?ES6UL1hHDcIMFrI#V`||0- zyEm_1JbUu!!9Rc9yL0QtAJ=~SW#G!C3+K+9I&tLCfqi>+?bxOOVBelyJGO1vv|-(vRV$V)S+ro@oLMubO_?-d+?Y`#h7ASd|INp@FP}cVd-LkW zvnP)p{PWknJGXB9aqYKX2CiJXaPG{h6Gsjm*tcibj%`~uZCJNv)rw_H7A=@JXV#2q zQzlIqH)hm`VMD?AfBo_8%cl?T-n@G8?8&1C|NM3D&aE4NT>I^pfh(6ToI7*s#F0Y> z_U+lVW80QZ8`iB^wPM+lMGNN5nKfhDlt~lDjTtp!*ibN@e0=-z>BGA>uU&73~e*0zM%B2hE&YU`N=A1)xGP zH~zTx+b;uGE?qcx=G2KJhYsx9vunq;Et@v1TeE7#vL%Za%$qZ7#hgO1N-*u+OciRrVZ=X ztXi>b$)W}G=FFNgZOWtxELpk3PPA`Sju4n^!NMJ$dxtpTF+ixpm`@Yrp+6 zaOKj4b7xMSICAK~zCF8kY}>MF!@4!ARxDexXu-TWvt~@2GHJrNF{4Hd8w$q%>c_V) zpFX^M^XkR3CyyTd^VhvQw{HA#?YCbBu3Wls?#!tZM-Cm>w`bRmZCf^NShr@?ie*a{ zEtofF){JRWCQTSOX4HsbL&5l8`S|wb(}#C&UcGqs(;DVv24kr1@q?2nlWw4qzU83j2ba)C>Z}QKfZnW^x@r` zS1+DDdGz3)zwX_+b>oj~zx^_B<n+p=lHx;3j-EL*Z@!Mr)M zW=xwhX~MWMqecuH3dX~aZ(lxrc=zVji)T+BJ^1IZdv|W#_~Y7dzYJWtbm82YQzwob zIMUlvuee%C5sl!n=@<1v?-G& zj2km*#IT`Y{6GKr_T|%ucW++3c=qJcgMa?IcjwlPKd$}u%fOXO7tWnIb>hgO1N-*u z+OciRrVZ=XtXi>b$)W}G=FFNgZOWtxELp|Ia?Yefjj^-J4f0o;`W=;Ge(l z-MMw+k88jEGH~V6g>z?4oj7vnz`i}Zc5K_SX~ViTt5z&qvS`7)IkRR=n=)y_xG|$f z3>yl@gO6`tK7Dxi=GBX5PaZw^=dXKrZr%9f+Hb!MT)A}N+?i7+jvP9$Z_lnB+qP`l zux`z&70Z?^S}uJ9Fy9kwXXe?b)?s+m=lm)~#8!V%d^K3+Bz4HDlV8NfXA688u?qP%!?N zKE8eV^x@r`S1+DDdGz3)zwX_+b>oj~zx^_B<n+p=lHx;3j- zEL*Z@!Mr)MW=xwhX~MWMqecuH3daA_k8fW-eR%ig)r)6O9zFQyuX}fH-T33$Z@&y& zxpd*&nNuf@96GRX&#oQYwrtw4Zq2F{%a$x!FmKMR8PldrnlNt6s1d`4f^q-j+m}xt z-o1JC;@Oi&5B~Y<-kn=F{MUlvuee%C5sl! zn=@<1v?-G&j2km*#IT`Y{6G2l_T|%ucW++3c=qJcgMa?IcjwlPKd$}u%fOXO7tWnI zb>hgO1N-*u+OciRrVZ=XtXi>b$)W}G=FFNgZOWtxELp|BD~rzI^)d?#-(g z&z?Mb@XufO?%cZZ$F<*n8Mt!k!nrf2P8>OOVBelyJGO1vv|-(vRV$V)S+ro@oLMub zO_?-d+?Y`#h7ASdf8pcXmrozwy?OQG*^@^P{`u?Pom)5lxc1vG16M9xICtjMi6e&& z?Ax(;DVv24kr1@q?2nlWw4qzU83 zj2ba)C>a0qAK$)w`ta_}s~69nJbLiYU-$0Zy79-g-+mdma_PdkGp9}*Idov(o?Sb( zZP~P8-I`S^mMvMdVBVZrGp0?MG-2GBQ6q*81>=A2)xGP zH~zTx+b;uGE?qcx=G2KJhYsx9vunq;Et@v1TeE7#vL%Za%$qZ7#T7E3FF3$8Zm4r7z?4oj7vnz`i}Zc5K_SX~ViTt5z&qvS`7)IkRR=n=)y_xG|$f3>yl@|D%s@ zUp{?!_vY1$XHOnI_~);CcW&MIe)``}XYGv2Dwy4eQpdTCr@&q6PEj z%$hN6%A^V7#*7*oj~zx^_B<n+p=lHx;3j-EL*Z@!Mr)MW=xwhX~MWMqecuH3daBak8fW-eR%ig)r)6O z9zFQyuX}fH-T33$Z@&y&xpd*&nNuf@96GRX&#oQYwrtw4Zq2F{%a$x!FmKMR8Pldr znlNt6s1d`4g7JUv)xGPH~zTx+b;uGE?qcx=G2KJhYsx9 zvunq;Et@v1TeE7#vL%Za%$qZ7#T7E3FF3$ z8Zm4r7`H#Zefjj^-J4f0o;`W=;Ge(l-MMw+k88jEGH~V6g>z?4oj7vnz`i}Zc5K_S zX~ViTt5z&qvS`7)IkRR=n=)y_xG|$f3>yl@|DBI-Up{?!_vY1$XHOnI_~);CcW&MI zI^pfh(6ToI7*s#F0Y>_U+lVW80QZ8`iB^ zwPM+lMGNN5nKfhDlt~lDjTtp!*ibP3Z-0FI^6A67H?Lkid-CYPKY!i3bL++**M9qD z;L4>7=gyouapcf}eS3E8*tTWUhIMOJtys2X(Smt%X3dy3WzvLkV@8b_HWZ9oAK$)w z`ta_}s~69nJbLiYU-$0Zy79-g-+mdma_PdkGp9}*Idov(o?Sb(ZP~P8-I`S^mMvMd zVBVZrGp0?MG-2GBQ6q*81>^tL$G0z^KD>ML>cz7sj~@K<*S$NpZv1iWw_gUXT)J@X z%&8Mc4jtIHXV;ExTQ+T2w`SFfWlI(IQO&B+3)QDk2!T7)V@$Ji}5AWW* zdhzVZqX+-|b??rt8-HB;?U#WomoA(;bLzyALkITl*|lTamQ5Shty#5V*^)&I=FOQk zW7?ES6UL1hHDcIMF#d0ReEah0!@D=HUOap9=)pgK-Me$^#vj*y`(@zDr3>fIoH}vj z(1Cq>cJ0`OOVBelyJGO1vv|-(vRV$V)S+ro@oLMubO_?-d z+?Y`#h7ASd|N6(bFP}cVd-LkWvnP)p{PWknJGXB9aqYKX2CiJXaPG{h6Gsjm*tcib zj%`~uZCJNv)rw_H7A=@JXV#2qQzlIqH)hm`VMD?AzxMI%%cl?T-n@G8?8&1C|NM3D z&aE4NT>I^pfh(6ToI7*s#F0Y>_U+lVW80QZ8`iB^wPM+lMGNN5nKfhDlt~lDjTtp! z*ibP3uYP>{^6A67H?Lkid-CYPKY!i3bL++**M9qD;L4>7=gyouapcf}eS3E8*tTWU zhIMOJtys2X(Smt%X3dy3WzvLkV@8b_HWZ8-AK$)w`ta_}s~69nJbLiYU-$0Zy79-g z-+mdma_PdkGp9}*Idov(o?Sb(ZP~P8-I`S^mMvMdVBVZrGp0?MG-2GBQ6q*81>^t9 z$G0z^KD>ML>cz7sj~@K<*S$NpZv1iWw_gUXT)J@X%&8Mc4jtIHXV;ExTQ+T2w`SFf zWlI(IQO&B+3)QDk2!T7)Y@$Ji}5AWW*dhzVZqX+-|b??rt8-HB;?U#Wo zmoA(;bLzyALkITl*|lTamQ5Shty#5V*^)&I=FOQkW7?ES6UL1hHDcIMF#a!neEah0 z!@D=HUOap9=)pgK-Me$^#vj*y`(@zDr3>fIoH}vj(1Cq>cJ0`OOVBelyJGO1vv|-(vRV$V)S+ro@oLMubO_?-d+?Y`#h7ASd|Ki8DFP}cVd-LkW zvnP)p{PWknJGXB9aqYKX2CiJXaPG{h6Gsjm*tcibj%`~uZCJNv)rw_H7A=@JXV#2q zQzlIqH)hm`VMD?Azwq(x%cl?T-n@G8?8&1C|NM3D&aE4NT>I^pfh(6ToI7*s#F0Y> z_U+lVW80QZ8`iB^wPM+lMGNN5nKfhDlt~lDjTtp!*ibP3&wqUT^6A67H?Lkid-CYP zKY!i3bL++**M9qD;L4>7=gyouapcf}eS3E8*tTWUhIMOJtys2X(Smt%X3dy3WzvLk zV@8b_HWZ9&AK$)w`ta_}s~69nJbLiYU-$0Zy79-g-+mdma_PdkGp9}*Idov(o?Sb( zZP~P8-I`S^mMvMdVBVZrGp0?MG-2GBQ6q*81>^tR$G0z^KD>ML>cz7sj~@K<*S$Np zZv1iWw_gUXT)J@X%&8Mc4jtIHXV;ExTQ+T2w`SFfWlI(IQO&B+3)QDk2 z!T3M>@$Ji}5AWW*dhzVZqX+-|b??rt8-HB;?U#WomoA(;bLzyALkITl*|lTamQ5Sh zty#5V*^)&I=FOQkW7?ES6UL1hHDcIMF#gYceEah0!@D=HUOap9=)pgK-Me$^#vj*y z`(@zDr3>fIoH}vj(1Cq>cJ0`OOVBelyJGO1vv|-(vRV$V) zS+ro@oLMubO_?-d+?Y`#h7ASd|MbVVFP}cVd-LkWvnP)p{PWknJGXB9aqYKX2CiJX zaPG{h6Gsjm*tcibj%`~uZCJNv)rw_H7A=@JXV#2qQzlIqH)hm`VMD?AKlSnL%cl?T z-n@G8?8&1C|NM3D&aE4NT>I^pfh(6ToI7*s#F0Y>_U+lVW80QZ8`iB^wPM+lMGNN5 znKfhDlt~lDjTtp!*ibP3Pkwy+^6A67H?Lkid-CYPKY!i3bL++**M9qD;L4>7=gyou zapcf}eS3E8*tTWUhIMOJtys2X(Smt%X3dy3WzvLkV@8b_HWZ92AK$)w`ta_}s~69n zJbLiYU-$0Zy79-g-+mdma_PdkGp9}*Idov(o?Sb(ZP~P8-I`S^mMvMdVBVZrGp0?M zG-2GBQ6q*81>^t3$G0z^KD>ML>cz7sj~@K<*S$NpZv1iWw_gUXT)J@X%&8Mc4jtIH zXV;ExTQ+T2w`SFfWlI(IQO&B+3)QDk2!T3M^@$Ji}5AWW*dhzVZqX+-| zb??rt8-HB;?U#WomoA(;bLzyALkITl*|lTamQ5Shty#5V*^)&I=FOQkW7?ES6UL1h zHDcIMF#eByeEah0!@D=HUOap9=)pgK-Me$^#vj*y`(@zDr3>fIoH}vj(1Cq>cJ0`< zWz&XrYgVmTwq((Qd2?pXm^Nk7gmGg=jTkl*jLRS2zI^)d?#-(g&z?Mb@XufO?%cZZ z$F<*n8Mt!k!nrf2P8>OOVBelyJGO1vv|-(vRV$V)S+ro@oLMubO_?-d+?Y`#h7ASd zf9B)cmrozwy?OQG*^@^P{`u?Pom)5lxc1vG16M9xICtjMi6e&&?Ax7=gyouapcf}eS3E8*tTWUhIMOJtys2X(Smt%X3dy3WzvLkV@8b_HWZBiqaWYC zeERV2&8rvBo;-T+&tLcM+`93{wcmajxN_;jxihCu965Ag-=1ANwr$z8VcnWlE0!%; zv|!$xSu>_hnKWVCm{B8!4F%)U$G0z^KD>ML>cz7sj~@K<*S$NpZv1iWw_gUXT)J@X z%&8Mc4jtIHXV;ExTQ+T2w`SFfWlI(IQO&B+3)QDk2!T6v0`1a+~hj(vY zy?FNI(Sv{fx_9T+jX$pa_RGMPOBc?aId$U5p#%H&?Aozy%cc$M)~s5wY{{Yp^XAN& zF>T7E3FF3$8Zm4r82?8;zJ2-h;oX~8FP=Sl^x&Vr?%la{n9X4Q&iOBOAdH)qz2X;UUm z7&m6rh+#v)xcKqy%cl?T-n@G8?8&1C|NM3D&aE4NT>I^pfh(6ToI7*s#F0Y>_U+lV zW80QZ8`iB^wPM+lMGNN5nKfhDlt~lDjTtp!*ibP34}X07^6A67H?Lkid-CYPKY!i3 zbL++**M9qD;L4>7=gyouapcf}eS3E8*tTWUhIMOJtys2X(Smt%X3dy3WzvLkV@8b_ zHWZBiLm%J1eERV2&8rvBo;-T+&tLcM+`93{wcmajxN_;jxihCu965Ag-=1ANwr$z8 zVcnWlE0!%;v|!$xSu>_hnKWVCm{B8!4F%)>;K#QwpFX^M^XkR3CyyTd^VhvQw{HA# z?YCbBu3Wls?#!tZM-Cm>w`bRmZCf^NShr@?ie*a{EtofF){JRWCQTSOX4HsbL&3Q4 z@$Ji}5AWW*dhzVZqX+-|b??rt8-HB;?U#WomoA(;bLzyALkITl*|lTamQ5Shty#5V z*^)&I=FOQkW7?ES6UL1hHDcIMF#ZpGeEah0!@D=HUOap9=)pgK-Me$^#vj*y`(@zD zr3>fIoH}vj(1Cq>cJ0`B6})r%oI>bYS0}T|2gI*|cHZnpG>7Em^c+ z-ke!8rcIeNVceKeBZdtHn9X4Q&iOBOAdH)qz2X;UUm7&m6rh+#v)IREkO%cl?T-n@G8 z?8&1C|NM3D&aE4NT>I^pfh(6ToI7*s#F0Y>_U+lVW80QZ8`iB^wPM+lMGNN5nKfhD zlt~lDjTtp!*ibP3_kMi)^6A67H?Lkid-CYPKY!i3bL++**M9qD;L4>7=gyouapcf} zeS3E8*tTWUhIMOJtys2X(Smt%X3dy3WzvLkV@8b_HWZBiJs;n`eERV2&8rvBo;-T+ z&tLcM+`93{wcmajxN_;jxihCu965Ag-=1ANwr$z8VcnWlE0!%;v|!$xSu>_hnKWVC zm{B8!4F%(W_s6#{pFX^M^XkR3CyyTd^VhvQw{HA#?YCbBu3Wls?#!tZM-Cm>w`bRm zZCf^NShr@?ie*a{EtofF){JRWCQTSOX4HsbL%}%r@$Ji}5AWW*dhzVZqX+-|b??rt z8-HB;?U#WomoA(;bLzyALkITl*|lTamQ5Shty#5V*^)&I=FOQkW7?ES6UL1hHDcIM zF#ab#zJ2-h;oX~8FP=Sl^x&Vr?%la{MUlvuee% zC5sl!n=@<1v?-G&j2km*#IT`Yoc;Lr<e)``}XYGv2Dwy4eQpdTCr@&q6PEj%$hN6%A^V7#*7*MF!@4!ARxDexXu-TW zvt~@2GHJrNF{4Hd8w$q%_K$C0K7Dxi=GBX5PaZw^=dXKrZr%9f+Hb!MT)A}N+?i7+ zjvP9$Z_lnB+qP`lux`z&70Z?^S}{*PaodBdG+Gi zlSdE!`Rm@DTQ~l=_S-K5S1w&RcjnZIBZm&`+p}xOwk?}BtXs2c#j+)f7R;M7YsR!G zlO~KCGit=JpT7E3FF3$8Zm4r82{rR-@bhM@b1m47tfwNdhpL* z_wL-f@yE5_ei^uO>B6})r%oI>bYS0}T|2gI*|cHZnpG>7Em^c+-ke!8rcIeNVceKe zBZdtHMUlvuee%C5sl!n=@<1v?-G&j2km*#IT`Y{BQmE_T|%ucW++3c=qJcgMa?IcjwlP zKd$}u%fOXO7tWnIb>hgO1N-*u+OciRrVZ=XtXi>b$)W}G=FFNgZOWtxELp zr$4@Z`Sju4n^!NMJ$dxtpTF+ixpm`@Yrp+6aOKj4b7xMSICAK~zCF8kY}>MF!@4!A zRxDexXu-TWvt~@2GHJrNF{4Hd8w$q%mXB{=K7Dxi=GBX5PaZw^=dXKrZr%9f+Hb!M zT)A}N+?i7+jvP9$Z_lnB+qP`lux`z&70Z?^S}(;DVv24kr1@q?2nlWw4qzU83j2ba)C>WMUlvuee%C5sl!n=@<1v?-G& zj2km*#IT`Y{EvQo`||0-yEm_1JbUu!!9Rc9yL0QtAJ=~SW#G!C3+K+9I&tLCfqi>+ z?bx@nW3=M9s|h=gypZ>x~n~Mvfdhuy4<<9ot^n^3tXa>(;DVv24kr1ux8-Gi%1QDU&9Q8w=N& z58ple=BqD0`{c<-A3S>R!M!`TZd|)^>B2jMb7xMy^~Q-~BS#J$*tcibj%}}Od1=#z zb!%3wShi%*f*0n^nKfhDlt~lDjfLyaeE9C!H(!16*(Xmv`ry%f5ANN$b>rHVOBdc5 zoI7*stv5~_8#!|5z`i}Zc5HiP%S)R!tXs2c#j+)f7Q8TT&a4^Jrc9bJZY*4X<%jQ{ zee=~9pMCP=qYoav_u$^0TQ{yAARuXy$AR1+`4h?%B2hM49=Z7 z_0}6Fj*T2SbYS0}T|2hDvgM^s8`iB^wPM+lMGIb-H)qz2X;UUm7&jKK(;vQj_RUvc zeD=wck3M+x-h+F0Zr!+c<)G8=hlsDS1w(6XK?P!skh!Z zactzsp#%H&?Ao#Il`SuA+OTfTsujzYEL!lwyg9RGOq()k!nm<;{pBCNd-ly&Uwrn- zlaD@l^xlJecW&LdcIDEAcLwLqoOb$)W`> z%$qZ7#k*I)MGyJz2g^~GnOJo)H@NAEqjcjwlPYgaB^cxQ0#%&E8DIB{&` z$e{!K_UziR?UgMrZQ8JI&8ij4mMmKE!n`@NW=xwhX~MX%aGm<_-Lr4L`r@-so_zGd zqxT-%yL0QtwJVn{yfZj==G0qnoH#aen9X4Q&iOBOA7Vcwis zGp0?MG-2FWxc=0K@1A}0)fb{5;L&>z z?%la{>-!*|cV`Ra?$K6&!d2an!+aPQ8o z8`rK}y7126+?i8vy>a5$$dN+__U+lVW7{iRUfQ%_-I`S^mMvMd;Dvc}X3dy3WzvLk zW8wOXKYaJ>o3Fn3?2{)SeemeL2lwvWx^eBwr3>#2&Yd~+)*B~|jT||2VBelyJGQ;D z<)uv<)~#8!V%d^K3tpHvXV#2qQzlIqHx{nH=)-r_ zT)Obi;M|#0Z@qEi*vOGX2lnmRwPV{WTVC3x0w{Bd!a_Pc5 zgL7w2z4gY4VcJ0{q%9fWlZCJNv z)rw_H7A<&T-ke!8rcIeNVcb}_{(=wRJ^SXXFFyO^$wwbNdhfx#JGX9JyK?EmJA-p) zPQCTUiDM&24jtIHXV;ExuWWf~(}s0xR;^gJWYK~b=FOQkW7?ES6UL2&>(Br2-Lr4L z`r@-so_zGdqxT-%yL0QtwJVn{yfZj==G0qnoH#aen9X4Q&i zOBOA7VcwisGp0?MG-2FWxQ>7L?%6kAeeu~RPd@tK(R&Z>-MMw++LcQe-Wi-bbLy=( zP8=IKa_GRmJ-c>ndu7W@n>MUlvuee%C5slkFmKMR8PldrnlNrGTz}%jchA20>Wj}l zdGgT*kKTK5@6N3o*REW;@Xp}enNx4QapKs>kwXXe?b)?s+bdgM+O%QanpG>7Em^eS zg?V#k&6qZ2(u8qi;rjDFeD~~|ufF)~lP4d2@aVk<_wL-faqY^b3-1ihojLW^8z+v9 z965Ag-=1ANw!O0DrA-^wty#5V*^)&IUYIv$){JRWCQTSO7Op?{!*|cV`Ra?$K6&!d z2an!+aPQ8o8`rK}y7126+?i8vy>a5$$dN+__U+lVW7{iRUfQ%_-I`S^mMvMd;Dvc} zX3dy3WzvLkW8pgX;k#$weD%d=pFH{KgGcW@xOeB)jcZpfU3h13?#!vT-Z*h=(J4g#8lry*(Laai7@~g)(LaXhA40Sb(cg#Y??UvqA=-rKZ$k9f zA^NKjEkpE|A^M9D{dtH&i2gK0e-ffU4$(A3e-xrW4ACEiXcD5|57F<1=y${Kgx?Oo z6+Rn&GyF#Q_3&%qSHrJ_Uk<+%elh$)`1$a2;b+6ogr5#S6@D`OMELRWW8p``kAxo% zKNNm2{6P5r@O|NX!}o;m4&N2NGkiz*_V8`tTf?`6Zw}uSzA=15`1pNM_-6S3j9ea`;_Gkj_X literal 0 HcmV?d00001 diff --git a/libcli/ldap/tests/data/ldap-recursive.dat b/libcli/ldap/tests/data/ldap-recursive.dat new file mode 100644 index 0000000000000000000000000000000000000000..dd18d857660df41c30024264d4623680a9404613 GIT binary patch literal 970 zcmXqLVm`*i$ei57yq|@EixGsFz=)BNVWC1hcYab. + * + */ + +/* + * from cmocka.c: + * These headers or their equivalents should be included prior to + * including + * this header file. + * + * #include + * #include + * #include + * + * This allows test applications to use custom definitions of C standard + * library functions and types. + * + */ +#include +#include +#include +#include + +#include "lib/util/attr.h" +#include "includes.h" +#include "lib/util/asn1.h" +#include "libcli/ldap/ldap_message.h" +#include "libcli/ldap/ldap_proto.h" + +/* + * declare the internal cmocka cm_print so we can output messages in + * sub unit format + */ +void cm_print_error(const char * const format, ...); +/* + * helper function and macro to compare an ldap error code constant with the + * coresponding nt_status code + */ +#define NT_STATUS_LDAP_V(code) (0xF2000000 | code) +static void _assert_ldap_status_equal( + int a, + NTSTATUS b, + const char * const file, + const int line) +{ + _assert_int_equal(NT_STATUS_LDAP_V(a), NT_STATUS_V(b), file, line); +} + +#define assert_ldap_status_equal(a, b) \ + _assert_ldap_status_equal((a), (b), __FILE__, __LINE__) + +/* + * helper function and macro to assert there were no errors in the last + * file operation + */ +static void _assert_not_ferror( + FILE *f, + const char * const file, + const int line) +{ + if (f == NULL || ferror(f)) { + cm_print_error("ferror (%d) %s\n", errno, strerror(errno)); + _fail(file, line); + } +} + +#define assert_not_ferror(f) \ + _assert_not_ferror((f), __FILE__, __LINE__) + +struct test_ctx { +}; + +static int setup(void **state) +{ + struct test_ctx *test_ctx; + + test_ctx = talloc_zero(NULL, struct test_ctx); + *state = test_ctx; + return 0; +} + +static int teardown(void **state) +{ + struct test_ctx *test_ctx = talloc_get_type_abort(*state, + struct test_ctx); + + TALLOC_FREE(test_ctx); + return 0; +} + +/* + * Test that an empty request is handled correctly + */ +static void test_empty_input(void **state) +{ + struct test_ctx *test_ctx = talloc_get_type_abort( + *state, + struct test_ctx); + struct asn1_data *asn1; + struct ldap_message *ldap_msg; + NTSTATUS status; + uint8_t buf[0]; + size_t len = 0; + + + asn1 = asn1_init(test_ctx, ASN1_MAX_TREE_DEPTH); + assert_non_null(asn1); + + asn1_load_nocopy(asn1, buf, len); + + ldap_msg = talloc(test_ctx, struct ldap_message); + assert_non_null(ldap_msg); + + status = ldap_decode(asn1, samba_ldap_control_handlers(), ldap_msg); + assert_ldap_status_equal(LDAP_PROTOCOL_ERROR, status); +} + +/* + * Check that a request is rejected it it's recursion depth exceeds + * the maximum value specified. This test uses a very deeply nested query, + * 10,000 or clauses. + * + */ +static void test_recursion_depth_large(void **state) +{ + struct test_ctx *test_ctx = talloc_get_type_abort( + *state, + struct test_ctx); + struct asn1_data *asn1; + struct ldap_message *ldap_msg; + NTSTATUS status; + FILE *f = NULL; + uint8_t *buffer = NULL; + const size_t BUFF_SIZE = 1048576; + size_t len; + + + /* + * Load a test data file containg 10,000 or clauses in encoded as + * an ASN.1 packet. + */ + buffer = talloc_zero_array(test_ctx, uint8_t, BUFF_SIZE); + f = fopen("./libcli/ldap/tests/data/10000-or.dat", "r"); + assert_not_ferror(f); + len = fread(buffer, sizeof(uint8_t), BUFF_SIZE, f); + assert_not_ferror(f); + assert_true(len > 0); + + asn1 = asn1_init(test_ctx, ASN1_MAX_TREE_DEPTH); + assert_non_null(asn1); + asn1_load_nocopy(asn1, buffer, len); + + ldap_msg = talloc(test_ctx, struct ldap_message); + assert_non_null(ldap_msg); + + status = ldap_decode(asn1, samba_ldap_control_handlers(), ldap_msg); + assert_ldap_status_equal(LDAP_PROTOCOL_ERROR, status); +} + +/* + * Check that a request is not rejected it it's recursion depth equals the + * maximum value + */ +static void test_recursion_depth_equals_max(void **state) +{ + struct test_ctx *test_ctx = talloc_get_type_abort( + *state, + struct test_ctx); + struct asn1_data *asn1; + struct ldap_message *ldap_msg; + NTSTATUS status; + FILE *f = NULL; + uint8_t *buffer = NULL; + const size_t BUFF_SIZE = 1048576; + size_t len; + + + buffer = talloc_zero_array(test_ctx, uint8_t, BUFF_SIZE); + f = fopen("./libcli/ldap/tests/data/ldap-recursive.dat", "r"); + assert_not_ferror(f); + len = fread(buffer, sizeof(uint8_t), BUFF_SIZE, f); + assert_not_ferror(f); + assert_true(len > 0); + + asn1 = asn1_init(test_ctx, 4); + assert_non_null(asn1); + asn1_load_nocopy(asn1, buffer, len); + + ldap_msg = talloc(test_ctx, struct ldap_message); + assert_non_null(ldap_msg); + + status = ldap_decode(asn1, samba_ldap_control_handlers(), ldap_msg); + assert_true(NT_STATUS_IS_OK(status)); +} + +/* + * Check that a request is rejected it it's recursion depth is greater than the + * maximum value + */ +static void test_recursion_depth_greater_than_max(void **state) +{ + struct test_ctx *test_ctx = talloc_get_type_abort( + *state, + struct test_ctx); + struct asn1_data *asn1; + struct ldap_message *ldap_msg; + NTSTATUS status; + FILE *f = NULL; + uint8_t *buffer = NULL; + const size_t BUFF_SIZE = 1048576; + size_t len; + + + buffer = talloc_zero_array(test_ctx, uint8_t, BUFF_SIZE); + f = fopen("./libcli/ldap/tests/data/ldap-recursive.dat", "r"); + assert_not_ferror(f); + len = fread(buffer, sizeof(uint8_t), BUFF_SIZE, f); + assert_not_ferror(f); + assert_true(len > 0); + + asn1 = asn1_init(test_ctx, 3); + assert_non_null(asn1); + asn1_load_nocopy(asn1, buffer, len); + + ldap_msg = talloc(test_ctx, struct ldap_message); + assert_non_null(ldap_msg); + + status = ldap_decode(asn1, samba_ldap_control_handlers(), ldap_msg); + assert_ldap_status_equal(LDAP_PROTOCOL_ERROR, status); +} + +int main(_UNUSED_ int argc, _UNUSED_ const char **argv) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown( + test_empty_input, + setup, + teardown), + cmocka_unit_test_setup_teardown( + test_recursion_depth_large, + setup, + teardown), + cmocka_unit_test_setup_teardown( + test_recursion_depth_equals_max, + setup, + teardown), + cmocka_unit_test_setup_teardown( + test_recursion_depth_greater_than_max, + setup, + teardown), + }; + + cmocka_set_message_output(CM_OUTPUT_SUBUNIT); + return cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/libcli/ldap/wscript_build b/libcli/ldap/wscript_build index db5b1df497a..a646685c751 100644 --- a/libcli/ldap/wscript_build +++ b/libcli/ldap/wscript_build @@ -6,3 +6,18 @@ bld.SAMBA_LIBRARY('cli-ldap-common', private_headers='ldap_message.h ldap_errors.h ldap_ndr.h', deps='samba-util asn1util NDR_SECURITY tevent', private_library=True) + +bld.SAMBA_BINARY( + 'test_ldap_message', + source='tests/ldap_message_test.c', + deps=''' + cmocka + talloc + ldb + samba-util + asn1util + NDR_SECURITY + cli-ldap + ''', + for_selftest=True +) diff --git a/selftest/knownfail.d/ldap_message b/selftest/knownfail.d/ldap_message new file mode 100644 index 00000000000..242eff45e59 --- /dev/null +++ b/selftest/knownfail.d/ldap_message @@ -0,0 +1,2 @@ +^libcli.ldap.ldap_message.test_recursion_depth_greater_than_max\(none\) +^libcli.ldap.ldap_message.test_recursion_depth_large\(none\) diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 82c846dbab1..0a806b8fed6 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -1376,6 +1376,8 @@ plantestsuite("librpc.ndr.ndr", "none", [os.path.join(bindir(), "test_ndr")]) plantestsuite("librpc.ndr.ndr_macros", "none", [os.path.join(bindir(), "test_ndr_macros")]) +plantestsuite("libcli.ldap.ldap_message", "none", + [os.path.join(bindir(), "test_ldap_message")]) # process restart and limit tests, these break the environment so need to run # in their own specific environment