samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00

Author	SHA1	Message	Date
Gary Lockyer	490bbb96b9	libprc ndr tests: Fix ndrdump test ntlmssp_CHALLENGE_MESSAGE Fix the expected data in fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt, as it contained source code line numbers. Andrew this test needs to be altered to us a regular expression and remove the dependency on source line numbers. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-02-07 08:53:40 +00:00
Gary Lockyer	14182350f8	librpc ndr: ndr_pull_advance check for unsigned overflow. Handle uint32 overflow in ndr_pull_advance Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-02-07 08:53:40 +00:00
Gary Lockyer	d1277f4d02	librpc ndr tests: Unsigned overflow in ndr_pull_advance Check that uint32 overflow is handled correctly by ndr_pull_advance. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-02-07 08:53:40 +00:00
Gary Lockyer	6d05fb3ea7	librpc ndr: NDR_PULL_ALIGN check for unsigned overflow Handle uint32 overflow in NDR_PULL_ALIGN Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-02-07 08:53:40 +00:00
Gary Lockyer	46edde8647	librpc ndr tests: uint32 overflow in NDR_PULL_ALIGN Check that uint32 overflow is handled correctly by NDR_NEED_BYTES. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-02-07 08:53:40 +00:00
Gary Lockyer	ae6927e4f0	librpc ndr: Heap-buffer-overflow in lzxpress_decompress Reproducer for oss-fuzz Issue 20083 Project: samba Fuzzing Engine: libFuzzer Fuzz Target: fuzz_ndr_drsuapi_TYPE_OUT Job Type: libfuzzer_asan_samba Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x6040000002fd Crash State: lzxpress_decompress ndr_pull_compression_xpress_chunk ndr_pull_compression_start Sanitizer: address (ASAN) Recommended Security Severity: Medium Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-02-07 08:53:40 +00:00

6 Commits