mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2022-3437 s4/auth/tests: Add unit tests for unwrap_des3()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
ec456766d5
commit
c8e85295c9
9
selftest/knownfail.d/heimdal-des-overflow
Normal file
9
selftest/knownfail.d/heimdal-des-overflow
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_dce_style_missing_payload.none
|
||||||
|
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_dce_style_with_seal_missing_payload.none
|
||||||
|
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_missing_8_bytes.none
|
||||||
|
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_missing_payload.none
|
||||||
|
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_truncated_header_0.none
|
||||||
|
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_truncated_header_1.none
|
||||||
|
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_with_padding_truncated_0.none
|
||||||
|
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_with_padding_truncated_1.none
|
||||||
|
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_with_seal_missing_payload.none
|
@ -47,6 +47,8 @@ with_pam = ("WITH_PAM" in config_hash)
|
|||||||
with_elasticsearch_backend = ("HAVE_SPOTLIGHT_BACKEND_ES" in config_hash)
|
with_elasticsearch_backend = ("HAVE_SPOTLIGHT_BACKEND_ES" in config_hash)
|
||||||
pam_wrapper_so_path = config_hash.get("LIBPAM_WRAPPER_SO_PATH")
|
pam_wrapper_so_path = config_hash.get("LIBPAM_WRAPPER_SO_PATH")
|
||||||
pam_set_items_so_path = config_hash.get("PAM_SET_ITEMS_SO_PATH")
|
pam_set_items_so_path = config_hash.get("PAM_SET_ITEMS_SO_PATH")
|
||||||
|
have_heimdal_support = "SAMBA4_USES_HEIMDAL" in config_hash
|
||||||
|
using_system_gssapi = "USING_SYSTEM_GSSAPI" in config_hash
|
||||||
|
|
||||||
planpythontestsuite("none", "samba.tests.source")
|
planpythontestsuite("none", "samba.tests.source")
|
||||||
planpythontestsuite("none", "samba.tests.source_chars")
|
planpythontestsuite("none", "samba.tests.source_chars")
|
||||||
@ -449,6 +451,9 @@ plantestsuite("samba.unittests.test_oLschema2ldif", "none",
|
|||||||
[os.path.join(bindir(), "default/source4/utils/oLschema2ldif/test_oLschema2ldif")])
|
[os.path.join(bindir(), "default/source4/utils/oLschema2ldif/test_oLschema2ldif")])
|
||||||
plantestsuite("samba.unittests.auth.sam", "none",
|
plantestsuite("samba.unittests.auth.sam", "none",
|
||||||
[os.path.join(bindir(), "test_auth_sam")])
|
[os.path.join(bindir(), "test_auth_sam")])
|
||||||
|
if have_heimdal_support and not using_system_gssapi:
|
||||||
|
plantestsuite("samba.unittests.auth.heimdal_gensec_unwrap_des", "none",
|
||||||
|
[valgrindify(os.path.join(bindir(), "test_heimdal_gensec_unwrap_des"))])
|
||||||
if with_elasticsearch_backend:
|
if with_elasticsearch_backend:
|
||||||
plantestsuite("samba.unittests.mdsparser_es", "none",
|
plantestsuite("samba.unittests.mdsparser_es", "none",
|
||||||
[os.path.join(bindir(), "default/source3/test_mdsparser_es")] + [configuration])
|
[os.path.join(bindir(), "default/source3/test_mdsparser_es")] + [configuration])
|
||||||
|
1244
source4/auth/tests/heimdal_unwrap_des.c
Normal file
1244
source4/auth/tests/heimdal_unwrap_des.c
Normal file
File diff suppressed because it is too large
Load Diff
@ -60,6 +60,27 @@ bld.SAMBA_BINARY('test_auth_sam',
|
|||||||
'''
|
'''
|
||||||
)
|
)
|
||||||
|
|
||||||
|
bld.SAMBA_BINARY('test_heimdal_gensec_unwrap_des',
|
||||||
|
source='tests/heimdal_unwrap_des.c',
|
||||||
|
deps='cmocka talloc gssapi-subsystem',
|
||||||
|
local_include=False,
|
||||||
|
for_selftest=True,
|
||||||
|
enabled=(bld.CONFIG_SET('SAMBA4_USES_HEIMDAL') and
|
||||||
|
not bld.CONFIG_SET('USING_SYSTEM_GSSAPI')),
|
||||||
|
ldflags='''
|
||||||
|
-Wl,--wrap,ct_memcmp
|
||||||
|
-Wl,--wrap,der_get_length
|
||||||
|
-Wl,--wrap,krb5_auth_con_getlocalsubkey
|
||||||
|
-Wl,--wrap,krb5_crypto_destroy
|
||||||
|
-Wl,--wrap,krb5_crypto_init
|
||||||
|
-Wl,--wrap,krb5_decrypt
|
||||||
|
-Wl,--wrap,krb5_decrypt_ivec
|
||||||
|
-Wl,--wrap,krb5_free_keyblock
|
||||||
|
-Wl,--wrap,krb5_verify_checksum
|
||||||
|
-Wl,--wrap,malloc
|
||||||
|
'''
|
||||||
|
)
|
||||||
|
|
||||||
pytalloc_util = bld.pyembed_libname('pytalloc-util')
|
pytalloc_util = bld.pyembed_libname('pytalloc-util')
|
||||||
pyparam_util = bld.pyembed_libname('pyparam_util')
|
pyparam_util = bld.pyembed_libname('pyparam_util')
|
||||||
pyldb_util = bld.pyembed_libname('pyldb-util')
|
pyldb_util = bld.pyembed_libname('pyldb-util')
|
||||||
|
Loading…
Reference in New Issue
Block a user