1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/lib/fuzzing
Douglas Bagnall b3f92b475c lib/fuzzing: fuzz_sddl_parse: allow non-round-trip with long strings
There is a borderline case where a conditional ACE unicode string
becomes longer than the SDDL parser wants to handle when control
characters are given canonical escaping. This can make the round trip
fail, but it isn't really a problem.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-26 23:45:36 +00:00
..
oss-fuzz lib:fuzzing: Fix code spelling 2023-04-03 03:56:35 +00:00
patches lib/fuzzing: adjust access-check seed patch 2023-09-26 23:45:35 +00:00
afl-fuzz-main.c fuzz:afl main: run the initialisation function 2021-03-16 17:09:32 +00:00
decode_ndr_X_crash decode_ndr_X_crash: always find pipe in honggfuzz file 2020-01-12 19:50:37 +00:00
fuzz_cli_credentials_parse_string.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_conditional_ace_blob.c lib/fuzzing: fuzz_conditional_ace_blob 2023-09-26 23:45:35 +00:00
fuzz_dcerpc_parse_binding.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldap_decode.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_comparison_fold.c fuzz: add fuzzer for ldb_comparison_fold 2023-08-08 04:39:39 +00:00
fuzz_ldb_dn_explode.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_ldif_read.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_parse_binary_decode.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_parse_control.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_parse_tree.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_compress.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_huffman_compress.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_huffman_decompress.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_huffman_round_trip.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_round_trip.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ndr_X.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_nmblib_parse_packet.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_oLschema2ldif.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_parse_lpq_entry.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_reg_parse.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_regfio.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_sddl_access_check.c lib/fuzzing: adapt fuzz_sddl_access_check for claims 2023-09-26 23:45:35 +00:00
fuzz_sddl_conditional_ace.c lib/fuzzing: fuzz SDDL conditional ACEs 2023-09-26 23:45:35 +00:00
fuzz_sddl_parse.c lib/fuzzing: fuzz_sddl_parse: allow non-round-trip with long strings 2023-09-26 23:45:36 +00:00
fuzz_security_token_vs_descriptor.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_sess_crypt_blob.c fuzz: add fuzzer for sess_crypt_blob 2023-08-08 04:39:39 +00:00
fuzz_stable_sort_r.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_stable_sort.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_tiniparser.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzzing.c
fuzzing.h lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
README.md lib/fuzzing/README.md: don't use waf directly 2022-03-29 22:32:32 +00:00
wscript_build lib/fuzzing: fuzz_conditional_ace_blob 2023-09-26 23:45:35 +00:00

Fuzzing Samba

See also https://wiki.samba.org/index.php/Fuzzing

Fuzzing supplies valid, invalid, unexpected or random data as input to a piece of code. Instrumentation, usually compiler-implemented, is used to monitor for exceptions such as crashes, assertions or memory corruption.

See Wikipedia article on fuzzing for more information.

Honggfuzz

Configure with fuzzing

Example command line to build binaries for use with honggfuzz:

./configure -C --without-gettext --enable-debug --enable-developer \
	--address-sanitizer --enable-libfuzzer --abi-check-disable \
	CC=.../honggfuzz/hfuzz_cc/hfuzz-clang \
	LINK_CC=.../honggfuzz/hfuzz_cc/hfuzz-clang

Fuzzing tiniparser

Example for fuzzing tiniparser using honggfuzz (see --help for more options):

make bin/fuzz_tiniparser && \
.../honggfuzz/honggfuzz --sanitizers --timeout 3 --max_file_size 256 \
  --rlimit_rss 100 -f .../tiniparser-corpus -- bin/fuzz_tiniparser

AFL (american fuzzy lop)

Configure with fuzzing

Example command line to build binaries for use with afl

./configure -C --without-gettext --enable-debug --enable-developer \
	--enable-afl-fuzzer --abi-check-disable \
	CC=afl-gcc

Fuzzing tiniparser

Example for fuzzing tiniparser using afl-fuzz (see --help for more options):

make bin/fuzz_tiniparser build && \
afl-fuzz -m 200 -i inputdir -o outputdir -- bin/fuzz_tiniparser

oss-fuzz

Samba can be fuzzed by Google's oss-fuzz system. Assuming you have an oss-fuzz checkout from https://github.com/google/oss-fuzz with Samba's metadata in projects/samba, the following guides will help:

Testing locally

https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally

Debugging oss-fuzz

See https://google.github.io/oss-fuzz/advanced-topics/debugging/

Samba-specific hints

A typical debugging workflow is:

oss-fuzz$ python infra/helper.py shell samba git fetch $REMOTE $BRANCH git checkout FETCH_HEAD lib/fuzzing/oss-fuzz/build_image.sh compile

This will pull in any new Samba deps and build Samba's fuzzers.

vim: set sw=8 sts=8 ts=8 tw=79 :