mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/librpc/ndr
Gary Lockyer ae6927e4f0 librpc ndr: Heap-buffer-overflow in lzxpress_decompress
Reproducer for oss-fuzz Issue 20083

Project: samba
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz_ndr_drsuapi_TYPE_OUT
Job Type: libfuzzer_asan_samba
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6040000002fd
Crash State:
  lzxpress_decompress
    ndr_pull_compression_xpress_chunk
      ndr_pull_compression_start

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-07 08:53:40 +00:00
libndr.h librpc ndr: Heap-buffer-overflow in lzxpress_decompress 2020-02-07 08:53:40 +00:00
ndr_auth.c
ndr_auth.h
ndr_backupkey.c librpc:ndr: Initialize inblob 2018-11-14 05:07:15 +01:00
ndr_backupkey.h
ndr_basic.c ndr basic: Check ndr_token_store return code 2020-01-09 21:49:00 +00:00
ndr_bkupblobs.c
ndr_cab.c librpc/ndr: Remove unused ndr_cab_generate_checksum() 2019-11-29 00:44:40 +00:00
ndr_cab.h librpc/ndr: Remove unused ndr_cab_generate_checksum() 2019-11-29 00:44:40 +00:00
ndr_compression.c librpc/ndr/ndr_compression.c: typo fixes 2019-10-31 00:43:36 +00:00
ndr_compression.h librpc/ndr: add helper functions to setup and free compression states. 2017-07-19 21:22:13 +02:00
ndr_dcerpc.c dcerpc.idl: set LIBNDR_FLAG_* flags based on DCERPC_PFC_FLAG_OBJECT_UUID and DCERPC_DREP_LE 2016-10-26 11:20:18 +02:00
ndr_dcerpc.h
ndr_dns.c ndr_dns: fix pushing unknown resource records 2018-01-04 00:37:21 +01:00
ndr_dns.h
ndr_dnsp.c librpc: Do not access name[-1] trying to push "" into a dnsp_name 2019-12-20 11:33:52 +00:00
ndr_dnsp.h
ndr_dnsserver.c
ndr_dnsserver.h
ndr_drsblobs.c
ndr_drsblobs.h
ndr_drsuapi.c librpc: Fix manually written printer for drsuapi_DsAttributeValue 2019-12-18 06:39:26 +00:00
ndr_drsuapi.h
ndr_frsrpc.c
ndr_frsrpc.h
ndr_ioctl.c
ndr_krb5pac.c
ndr_krb5pac.h
ndr_misc.c ndr_misc: read syntax_id using strict util_str_hex functions 2018-05-31 01:57:16 +02:00
ndr_nbt.c librpc/ndr: add ndr_print_netlogon_samlogon_response() 2019-09-26 18:41:26 +00:00
ndr_nbt.h librpc/ndr: add ndr_print_netlogon_samlogon_response() 2019-09-26 18:41:26 +00:00
ndr_negoex.c negoex: Set the switch_value before NDR_BUFFERS to prepare for new libndr behaviour 2019-12-12 02:30:40 +00:00
ndr_negoex.h build: Get rid of hardcoded 'bin/default' in includes 2019-02-08 08:51:19 +01:00
ndr_netlogon.c
ndr_netlogon.h
ndr_ntlmssp.c pidl: Add and use ndr_print_steal_switch_value(), removing ndr_print_get_switch_value() 2019-12-12 02:30:40 +00:00
ndr_ntlmssp.h
ndr_ntprinting.c
ndr_ntprinting.h
ndr_orpc.c ndr_orpc: properly allocate empty DUALSTRINGARRAY 2019-11-20 04:41:28 +00:00
ndr_preg.c
ndr_preg.h
ndr_rap.c
ndr_rap.h
ndr_schannel.c pidl: Add and use ndr_print_steal_switch_value(), removing ndr_print_get_switch_value() 2019-12-12 02:30:40 +00:00
ndr_schannel.h
ndr_sec_helper.c librpc: Set the switch_value before NDR_BUFFERS to prepare for new libndr behaviour 2019-12-12 02:30:40 +00:00
ndr_spoolss_buf.c librpc: pidlify spoolss_EnumPerMachineConnections 2020-01-08 23:51:31 +00:00
ndr_spoolss_buf.h librpc: pidlify spoolss_EnumPerMachineConnections 2020-01-08 23:51:31 +00:00
ndr_string.c librpc: Fix string length checking in ndr_pull_charset_to_null() 2019-12-20 07:35:41 +00:00
ndr_svcctl.c
ndr_svcctl.h
ndr_table.c librpc: Do not return an NDR table for a zero GUID 2019-11-14 08:01:43 +00:00
ndr_table.h
ndr_witness.c
ndr_witness.h
ndr_wmi.c
ndr_wmi.h
ndr_xattr.c
ndr_xattr.h
ndr.c librpc: Use PRIu32 printf specifiers 2020-01-23 19:11:34 +00:00
util.c librpc:ndr: Implement ndr_zero_memory() 2019-02-14 15:59:25 +01:00
uuid.c ndr: Init variables of GUID_from_data_blob() 2018-10-19 23:11:26 +02:00