sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code
120,519 Commits 60 Branches 1,144 Tags 452 MiB
e4ad001378
Commit Graph

120519 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Bartlett
f4ff9a0794 lib/fuzzing: Also confirm we can make a string filter from the parsed tree in fuzz_ldb_parse_tree 
This also avoids tree being an unused variable.

This is similar to doing an ndr_push() in ndr_fuzz_X, it
catches some of the cases where the parse is successful but
the application code could misinterpret the structure.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-12-10 07:50:28 +00:00
Andrew Bartlett
000d86f537 lib/fuzzing: Tell the compiler we know we are ignoring errors in fuzz_reg_parse 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-12-10 07:50:28 +00:00
Andrew Bartlett
a9a8bcf731 lib/fuzzer: Allow building a fuzz binary for just one interface 
This helps direct the fuzzer at a particular function that we are concerned about.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-12-10 07:50:28 +00:00
Andrew Bartlett
c16e4dcad9 lib/fuzzer: Remove rudundent install=False flag from fuzz_ndr_X build rule 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-12-10 07:50:28 +00:00
Andrew Bartlett
6f7a9e8788 lib/fuzzing: Link only the required NDR_ subsystems into ndr_fuzz_X binaries 
This reduces the binary size and shows that we are linked against the correct
ndr_table_ global variable.  This might help the fuzzing engine know there
is not much more of the binary to find if unreachable code is not included.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-12-10 07:50:28 +00:00
Andrew Bartlett
3ca76f5907 librpc: Fill in full deps for NDR_* subsystems 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-12-10 07:50:28 +00:00
Douglas Bagnall
c35fe03a63 fuzzing/decode_ndr_X: read crashes from a HONGGFUZZ report 
In theory, you should be able to run honggfuzz and go

$ lib/fuzzing/decode_ndr_X_crash -H HONGGFUZZ-REPORT.txt > crash-crash-crash.sh

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 07:50:28 +00:00
Douglas Bagnall
afe866086c lib/fuzzing/decode_ndr_X: print less by default, avoid pipe 
ndrdump can now take base64 input directly.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 07:50:28 +00:00
Douglas Bagnall
c0043e2352 fuzzing: Add script decode_ndr_X_crash to decode crash results 
This interprets a file that crashes an fuzz_ndr_X binary

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 07:50:28 +00:00
Douglas Bagnall
e737988641 dcerpc: developer option to save ndr_fuzz_X seeds 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 07:50:28 +00:00
Douglas Bagnall
7b265830ad lib/fuzzing: add fuzz_ndr_X 
This NDR fuzzer links with each "interface" in the IDL files to
create avsingle binary.  This tries to matches what the fuzzing
engines desire.

It started as a copy of ndrdump but very little of that remains
in place.

The fancy build rules try to avoid needing a lof of boilerplate
in the wscript_build files and ensure new fuzzers are generated
and run when new IDL is added automatically.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 07:50:28 +00:00
Douglas Bagnall
ef5d79e24b pidl/tests/samba-ndr.pl: remove duplicate import 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 10 04:16:31 UTC 2019 on sn-devel-184
 2019-12-10 04:16:31 +00:00
Douglas Bagnall
fbe402edf5 pidl s4::Python: silence warnings 
- do not redeclare variables in the same scope.
- use $1 instead of \1, which perl just prefers.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 02:53:35 +00:00
Douglas Bagnall
51a11afecf pidl Parse::Pidl::NDR: silence two warnings about undefined strings 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 02:53:35 +00:00
Douglas Bagnall
3c90c9de6f pidl Parse::Pidl::NDR: add HRESULT alignment 
this is a guess

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 02:53:35 +00:00
Douglas Bagnall
33255102ac pidl Parse::Pidl::NDR: warn of unknown scalar alignments 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 02:53:35 +00:00
Douglas Bagnall
4de002a0f7 pidl s4::NDR::Parser: silence a warning 
At level 0 there is no previous level so $pl is undefined thus so is ->{TYPE}

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 02:53:35 +00:00
Douglas Bagnall
aefce8e7c0 pidl s4::NDR::Parser: correct has_fast_array logic 
Here we fix two bugs that cancelled each other out completely, so this
patch leaves us with exactly the same functionally as before.

Bug 1: In perl, return is *syntactically* a function.

That means 'return X or Y' is read as 'return(X) or Y', as in the
'open(X) or die "..."' construct -- Y is only evaluated if return
returns false. But return never returns, so Y is dead code. If in
doubt, try these:

perl -e "sub x {return 0 or die;} x"
perl -e "sub x {return (0 or die);} x"

What we *meant* here is 'return (X or Y)', BUT it turns out we were
confused -- the Y case was bogus.

Bug 2: string arrays never had "fast array logic" in the first place.

The fast array logic is for arrays of bytes, and can be fast (i.e.
memcpy) because there is no endianness to worry about. A string array
is an array of pointers not bytes.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 02:53:35 +00:00
Douglas Bagnall
2765b5c1a2 pidl s4::NDR::Parser: read hex numbers as numbers for ranges 
Hex numbers in IDL are not parsed as numbers, resulting in warnings
like

Argument 0x2000 isn't numeric in numeric lt (<) at /home/douglas/src/samba/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm line 981

not to mention problematic code. We add a utility function to convert
these numbers to numbers.

A typical difference this makes is:

 --- old/default/librpc/gen_ndr/ndr_dcerpc.c     2019-11-30 23:40:32.915816967 +1300
 +++ new/default/librpc/gen_ndr/ndr_dcerpc.c     2019-11-30 17:00:09.055733660 +1300
 @@ -1893,7 +1893,7 @@
         if (ndr_flags & NDR_SCALARS) {
                 NDR_CHECK(ndr_pull_align(ndr, 4));
                 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->ReceiveWindowSize));
 -               if (r->ReceiveWindowSize > 0x40000) {
 +               if (r->ReceiveWindowSize < 8192 || r->ReceiveWindowSize > 262144) {
                         return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
                 }
                 NDR_CHECK(ndr_pull_trailer_align(ndr, 4));

Where the minimum ("0x2000" == 8192) was read as a string, thus
treated as zero.

The treatment as zero was introduced in 142b2a61f8
accidentially, which shows why warnings are important.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 02:53:35 +00:00
Douglas Bagnall
efef4366f1 pidl: use perl warnings 
Warnings are good. If we turn on warnings with 'use warnings', we will
see bugs that have lain latent for years.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 02:53:34 +00:00
Andrew Bartlett
b6913830bf librpc/ndr: Do not follow a client-supplied NULL pointer in _print_drsuapi_DsAttributeValue_attid() 
This is not a security issue as it only happens when printing the structure
during debugging, not normal production.

Found by Michael Hanselmann using an NDR fuzzer and Hongfuzz.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-12-10 02:53:34 +00:00
Andrew Bartlett
f786cdf5e8 selftest: Add ndrdump tests for malformed drsuapi traffic 
Thanks to Douglas Bagnall for the samples, produced from seeds
generated by Samba's make test traffic, fuzzed by ndr_fuzz_X
and Hongfuzz.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2019-12-10 02:53:34 +00:00
Andreas Schneider
83ffe6752d pidl: Remove Parse/Yapp/Driver.pm 
This file is provided by Parse::Yapp and on install we overwrite the
orignal file.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 10 01:54:02 UTC 2019 on sn-devel-184
 2019-12-10 01:54:02 +00:00
Isaac Boukris
fe2577a40c smbdes: remove old unused DES builtin-crypto 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:31 +00:00
Isaac Boukris
b5d8f1f78a sess_crypt_blob can only crypt blobs whose size divides by 8 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:31 +00:00
Isaac Boukris
a75ca8d5d5 session: convert sess_crypt_blob to use gnutls 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:31 +00:00
Isaac Boukris
dcc33103d5 smbdes: convert des_crypt112_16 to use gnutls 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:31 +00:00
Isaac Boukris
254739137b smbdes: convert des_crypt112 to use gnutls 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:31 +00:00
Isaac Boukris
dce944e8a1 smbdes: convert E_old_pw_hash to use gnutls 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:31 +00:00
Isaac Boukris
c57f429574 smbdes: convert des_crypt128() to use gnutls 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
a5548af018 smbdes: convert E_P24() and SMBOWFencrypt to use gnutls 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
2eef12904f smbdes: remove D_P16() (not used) 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
9fb6361a8b smbdes: convert E_P16() to use gnutls 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
ecee199803 smbdes: convert sam_rid_crypt() to use gnutls 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
bbcf568f31 SMBsesskeygen_lm_sess_key: use gnutls and return NTSTATUS 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
38189f76d8 netlogon_creds_des_encrypt/decrypt_LMKey: use gnutls and return NTSTATUS 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
0f855f1ab9 smbdes: add des_crypt56_gnutls() using DES-CBC with zeroed IV 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
2c470c8035 selftest: test sess_crypt_blob 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
6c5f153e47 selftest: test SMBsesskeygen_lm_sess_key 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
a4ec427e54 selftest: test des_crypt112_16 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
394debac6b selftest: test des_crypt112 and fix (unused) decryption 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
e2f8f686d1 selftest: test des_crypt128 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:30 +00:00
Isaac Boukris
8f042ba532 selftest: test E_old_pw_hash 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:29 +00:00
Isaac Boukris
dfad082596 selftest: test E_P24 and SMBOWFencrypt 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:29 +00:00
Isaac Boukris
0923f94bdc selftest: test sam_rid_crypt 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:29 +00:00
Isaac Boukris
7044a41a30 selftest: test E_P16 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:29 +00:00
Isaac Boukris
07b4606f89 libcli/auth: test des_crypt56() and add test_gnutls to selftest 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:29 +00:00
Andreas Schneider
01f531ba6b auth:tests: Only enable torture_gnutls_aes_128_cfb() on GnuTLS >= 3.6.11 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:29 +00:00
Andreas Schneider
1c65f1fddb auth:tests: Improve debug output of test_gnutls 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:29 +00:00
Andreas Schneider
adfdcc4791 s3:lib: Move NULL check before messaging_dgm_out_rearm_idle_timer() 
We dereference out in messaging_dgm_out_rearm_idle_timer().

Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2019-12-10 00:30:29 +00:00