1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

CVE-2022-3437 s4/auth/tests: Add unit tests for unwrap_des3()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2022-10-12 13:55:39 +13:00 committed by Jule Anger
parent ec456766d5
commit c8e85295c9
4 changed files with 1279 additions and 0 deletions

View File

@ -0,0 +1,9 @@
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_dce_style_missing_payload.none
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_dce_style_with_seal_missing_payload.none
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_missing_8_bytes.none
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_missing_payload.none
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_truncated_header_0.none
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_truncated_header_1.none
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_with_padding_truncated_0.none
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_with_padding_truncated_1.none
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_with_seal_missing_payload.none

View File

@ -47,6 +47,8 @@ with_pam = ("WITH_PAM" in config_hash)
with_elasticsearch_backend = ("HAVE_SPOTLIGHT_BACKEND_ES" in config_hash)
pam_wrapper_so_path = config_hash.get("LIBPAM_WRAPPER_SO_PATH")
pam_set_items_so_path = config_hash.get("PAM_SET_ITEMS_SO_PATH")
have_heimdal_support = "SAMBA4_USES_HEIMDAL" in config_hash
using_system_gssapi = "USING_SYSTEM_GSSAPI" in config_hash
planpythontestsuite("none", "samba.tests.source")
planpythontestsuite("none", "samba.tests.source_chars")
@ -449,6 +451,9 @@ plantestsuite("samba.unittests.test_oLschema2ldif", "none",
[os.path.join(bindir(), "default/source4/utils/oLschema2ldif/test_oLschema2ldif")])
plantestsuite("samba.unittests.auth.sam", "none",
[os.path.join(bindir(), "test_auth_sam")])
if have_heimdal_support and not using_system_gssapi:
plantestsuite("samba.unittests.auth.heimdal_gensec_unwrap_des", "none",
[valgrindify(os.path.join(bindir(), "test_heimdal_gensec_unwrap_des"))])
if with_elasticsearch_backend:
plantestsuite("samba.unittests.mdsparser_es", "none",
[os.path.join(bindir(), "default/source3/test_mdsparser_es")] + [configuration])

File diff suppressed because it is too large Load Diff

View File

@ -60,6 +60,27 @@ bld.SAMBA_BINARY('test_auth_sam',
'''
)
bld.SAMBA_BINARY('test_heimdal_gensec_unwrap_des',
source='tests/heimdal_unwrap_des.c',
deps='cmocka talloc gssapi-subsystem',
local_include=False,
for_selftest=True,
enabled=(bld.CONFIG_SET('SAMBA4_USES_HEIMDAL') and
not bld.CONFIG_SET('USING_SYSTEM_GSSAPI')),
ldflags='''
-Wl,--wrap,ct_memcmp
-Wl,--wrap,der_get_length
-Wl,--wrap,krb5_auth_con_getlocalsubkey
-Wl,--wrap,krb5_crypto_destroy
-Wl,--wrap,krb5_crypto_init
-Wl,--wrap,krb5_decrypt
-Wl,--wrap,krb5_decrypt_ivec
-Wl,--wrap,krb5_free_keyblock
-Wl,--wrap,krb5_verify_checksum
-Wl,--wrap,malloc
'''
)
pytalloc_util = bld.pyembed_libname('pytalloc-util')
pyparam_util = bld.pyembed_libname('pyparam_util')
pyldb_util = bld.pyembed_libname('pyldb-util')