4 Commits

Author	SHA1	Message	Date
Stefan Metzmacher	cefa9be9d7	librpc/tests: make use of replace.h in test_ndr*.c ... This fixes the build on FreeBSD 12.1 and maybe other systems. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2020-03-27 09:02:37 +00:00
Gary Lockyer	d1277f4d02	librpc ndr tests: Unsigned overflow in ndr_pull_advance ... Check that uint32 overflow is handled correctly by ndr_pull_advance. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-02-07 08:53:40 +00:00
Gary Lockyer	46edde8647	librpc ndr tests: uint32 overflow in NDR_PULL_ALIGN ... Check that uint32 overflow is handled correctly by NDR_NEED_BYTES. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-02-07 08:53:40 +00:00
Gary Lockyer	ae6927e4f0	librpc ndr: Heap-buffer-overflow in lzxpress_decompress ... Reproducer for oss-fuzz Issue 20083 Project: samba Fuzzing Engine: libFuzzer Fuzz Target: fuzz_ndr_drsuapi_TYPE_OUT Job Type: libfuzzer_asan_samba Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x6040000002fd Crash State: lzxpress_decompress ndr_pull_compression_xpress_chunk ndr_pull_compression_start Sanitizer: address (ASAN) Recommended Security Severity: Medium Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-02-07 08:53:40 +00:00