mirror of
https://github.com/samba-team/samba.git
synced 2025-01-07 17:18:11 +03:00
af61444d7a
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
77 lines
3.5 KiB
Python
77 lines
3.5 KiB
Python
# Unix SMB/CIFS implementation. Tests for smbd fuzzing.
|
|
# Copyright (C) Jeremy Allison 2019.
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
import samba
|
|
import os
|
|
import binascii
|
|
import socket
|
|
|
|
class fuzzsmbd(samba.tests.TestCase):
|
|
def test_bug_14205(self):
|
|
#
|
|
# badblob consists of an incorrectly
|
|
# terminated SMB1 Negprot, with a valid SessionSetup after.
|
|
# BUG: #14205 causes the smbd server to crash.
|
|
#
|
|
state = True
|
|
badblob = binascii.a2b_base64("AAAA1P9TTUJyAAAAABhDyAAAAAAAAAAAAAAAACcA/v8AAAAAALEAAlBDIE5F"
|
|
"VFdPUksgUFJPR1JBTSD//jAAAk1JQ1JPU09GVCBOR1RXT1JLUyAxLjANDAJN"
|
|
"SR3hkXOl0mb+QXW4Da/jp0f+AAAA1P9TTUJyAAAAABgDyAAABDQAAAAAAAAA"
|
|
"ACcA/v8AAAAAALEAAlBDIE5FVFdPUksgUFJPR1JBFBX//jAAAk1JQ1JPU09G"
|
|
"VCBOR1RXT1JLUyAxLjANDAJNSR3hkUal0mb+QXW4Da/jp0f+AAAA1P9TTUJz"
|
|
"LTE0OEF1uA2v46dH/gqAIIwiAoRiVHWgODu8OdksJQAAAAAnAP7/AAAAAACx"
|
|
"AAJQQyBORVRXT1JLIFBST0dSQU0g//4wAAJNSUNST1NPRlQgTkdUV09SS1Mg"
|
|
"MS4wDQwCTUkd4ZFGpdJm/kF1uA2v46dH/gAAANT/U01Ccy0xNDgyMTIyOTE3"
|
|
"Nzk2MzIAAAAAGAPIAAAAAAAAAAAAAAAAJwD+/wAAAAAAsQACUEMgTkVUV09S"
|
|
"SyBQUk9HUkFNIP/+MAACTUlDUk9TT0ZUIE5HVFdPUktTIDEuMA0GAAAAAAAA"
|
|
"AKXSZv5BdbgNr+OnR/4AAADU/1NNQnMtMTQ4MjEyMjkxNzc5NjMyNDQ4NDNA"
|
|
"ujcyNjgAsQACUEMgTkVUF09SSyAgAAAAAAAAAP/+MAACTUlDUk9TT0bAIE5H"
|
|
"BwAtMjMxODIxMjE4MTM5OTU0ODA2OP5BdbgNr+OnR/4KgCCMIgKEYlR1oDg7"
|
|
"vDnZLCWy")
|
|
s = None
|
|
try:
|
|
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
s.connect(("fileserver", 445))
|
|
s.send(badblob)
|
|
# Read the 39-byte SMB1 reply to the SMB1 Negprot.
|
|
# This is an error message saying the Negprot was
|
|
# invalid.
|
|
rb = s.recv(1024)
|
|
try:
|
|
# Read again to wait for the server to exit.
|
|
rb = s.recv(1024)
|
|
except socket.error as e:
|
|
# We expect a socket error here as
|
|
# in both success and fail cases the
|
|
# server just resets the connection.
|
|
pass
|
|
finally:
|
|
pass
|
|
finally:
|
|
if s is not None:
|
|
s.close()
|
|
#
|
|
# If the server crashed there is the
|
|
# following message in the debug log.
|
|
#
|
|
for line in open(os.environ['SMBD_TEST_LOG']):
|
|
if "INTERNAL ERROR: Signal 11 in pid" in line:
|
|
print("Found crash in smbd log")
|
|
state = False
|
|
break
|
|
self.assertTrue(state)
|