1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

lib/fuzzing: adjust access-check seed patch

Now that access_check.c includes headers for conditional ACEs, the patch
should take that into account.

Also, we check for a talloc failure.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall 2023-07-21 10:51:29 +12:00 committed by Andrew Bartlett
parent ea4caa45ab
commit cc17c3e21d

View File

@ -1,4 +1,4 @@
From bf2adac3a271fae551a726dc21dc9111bd7320be Mon Sep 17 00:00:00 2001
From b461fdf28c71b54ad5ebe663ea09212856e61973 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Mon, 17 Jul 2023 16:17:16 +1200
Subject: [PATCH 1/2] libcli/security: save access check attempts for fuzz
@ -36,23 +36,23 @@ down much, but it will capture your SIDs and ACLs.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---
libcli/security/access_check.c | 76 ++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
libcli/security/access_check.c | 79 ++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 81bacc90e78..9c3e4cfe966 100644
index 1364a15f4dd..d79a247455a 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -24,6 +24,8 @@
#include "replace.h"
#include "lib/util/debug.h"
@@ -26,6 +26,8 @@
#include "libcli/security/security.h"
#include "librpc/gen_ndr/conditional_ace.h"
#include "libcli/security/conditional_ace.h"
+#include "ndr/libndr.h"
+#include "gen_ndr/ndr_security.h"
/* Map generic access rights to object specific rights. This technique is
used to give meaning to assigning read, write, execute and all access to
@@ -103,6 +105,74 @@ void se_map_standard(uint32_t *access_mask, const struct standard_mapping *mappi
@@ -105,6 +107,77 @@ void se_map_standard(uint32_t *access_mask, const struct standard_mapping *mappi
}
}
@ -101,6 +101,9 @@ index 81bacc90e78..9c3e4cfe966 100644
+ }
+ }
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return false;
+ }
+
+ n++;
+ ndr_err = ndr_push_struct_blob(
@ -127,7 +130,7 @@ index 81bacc90e78..9c3e4cfe966 100644
/*
perform a SEC_FLAG_MAXIMUM_ALLOWED access check
*/
@@ -115,6 +185,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
@@ -117,6 +190,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
bool have_owner_rights_ace = false;
unsigned i;
@ -136,7 +139,7 @@ index 81bacc90e78..9c3e4cfe966 100644
if (sd->dacl == NULL) {
if (security_token_has_sid(token, sd->owner_sid)) {
switch (implicit_owner_rights) {
@@ -211,6 +283,8 @@ static NTSTATUS se_access_check_implicit_owner(const struct security_descriptor
@@ -222,6 +297,8 @@ static NTSTATUS se_access_check_implicit_owner(const struct security_descriptor
bool am_owner = false;
bool have_owner_rights_ace = false;
@ -145,7 +148,7 @@ index 81bacc90e78..9c3e4cfe966 100644
*access_granted = access_desired;
bits_remaining = access_desired;
@@ -528,6 +602,8 @@ NTSTATUS sec_access_check_ds_implicit_owner(const struct security_descriptor *sd
@@ -613,6 +690,8 @@ NTSTATUS sec_access_check_ds_implicit_owner(const struct security_descriptor *sd
uint32_t bits_remaining;
struct dom_sid self_sid;
@ -158,7 +161,7 @@ index 81bacc90e78..9c3e4cfe966 100644
2.34.1
From d79328bdac90ed16b9162cbfe10a4ed8bedbc073 Mon Sep 17 00:00:00 2001
From 12bf242cece202658fe61f1c7408709d092632ea Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Tue, 18 Jul 2023 16:07:11 +1200
Subject: [PATCH 2/2] scripts: a script for deduplicating fuzz-seeds