1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/lib/fuzzing
Douglas Bagnall ea4caa45ab lib/fuzzing: fuzz_conditional_ace_blob
This parses the blob as a conditional ACE, and if possible tries
decompiling it into SDDL.

There are not many round-trip assertions we can honestly make, but we
keep the trip going as long as possible, in case it reveals anything.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-26 23:45:35 +00:00
..
oss-fuzz lib:fuzzing: Fix code spelling 2023-04-03 03:56:35 +00:00
patches lib/fuzzing: patch for collecting fuzz_security_token_vs_descriptor seeds 2023-07-19 03:31:30 +00:00
afl-fuzz-main.c fuzz:afl main: run the initialisation function 2021-03-16 17:09:32 +00:00
decode_ndr_X_crash decode_ndr_X_crash: always find pipe in honggfuzz file 2020-01-12 19:50:37 +00:00
fuzz_cli_credentials_parse_string.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_conditional_ace_blob.c lib/fuzzing: fuzz_conditional_ace_blob 2023-09-26 23:45:35 +00:00
fuzz_dcerpc_parse_binding.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldap_decode.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_comparison_fold.c fuzz: add fuzzer for ldb_comparison_fold 2023-08-08 04:39:39 +00:00
fuzz_ldb_dn_explode.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_ldif_read.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_parse_binary_decode.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_parse_control.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_parse_tree.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_compress.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_huffman_compress.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_huffman_decompress.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_huffman_round_trip.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_round_trip.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ndr_X.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_nmblib_parse_packet.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_oLschema2ldif.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_parse_lpq_entry.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_reg_parse.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_regfio.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_sddl_access_check.c lib/fuzzing: adapt fuzz_sddl_access_check for claims 2023-09-26 23:45:35 +00:00
fuzz_sddl_conditional_ace.c lib/fuzzing: fuzz SDDL conditional ACEs 2023-09-26 23:45:35 +00:00
fuzz_sddl_parse.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_security_token_vs_descriptor.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_sess_crypt_blob.c fuzz: add fuzzer for sess_crypt_blob 2023-08-08 04:39:39 +00:00
fuzz_stable_sort_r.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_stable_sort.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_tiniparser.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzzing.c
fuzzing.h lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
README.md lib/fuzzing/README.md: don't use waf directly 2022-03-29 22:32:32 +00:00
wscript_build lib/fuzzing: fuzz_conditional_ace_blob 2023-09-26 23:45:35 +00:00

Fuzzing Samba

See also https://wiki.samba.org/index.php/Fuzzing

Fuzzing supplies valid, invalid, unexpected or random data as input to a piece of code. Instrumentation, usually compiler-implemented, is used to monitor for exceptions such as crashes, assertions or memory corruption.

See Wikipedia article on fuzzing for more information.

Honggfuzz

Configure with fuzzing

Example command line to build binaries for use with honggfuzz:

./configure -C --without-gettext --enable-debug --enable-developer \
	--address-sanitizer --enable-libfuzzer --abi-check-disable \
	CC=.../honggfuzz/hfuzz_cc/hfuzz-clang \
	LINK_CC=.../honggfuzz/hfuzz_cc/hfuzz-clang

Fuzzing tiniparser

Example for fuzzing tiniparser using honggfuzz (see --help for more options):

make bin/fuzz_tiniparser && \
.../honggfuzz/honggfuzz --sanitizers --timeout 3 --max_file_size 256 \
  --rlimit_rss 100 -f .../tiniparser-corpus -- bin/fuzz_tiniparser

AFL (american fuzzy lop)

Configure with fuzzing

Example command line to build binaries for use with afl

./configure -C --without-gettext --enable-debug --enable-developer \
	--enable-afl-fuzzer --abi-check-disable \
	CC=afl-gcc

Fuzzing tiniparser

Example for fuzzing tiniparser using afl-fuzz (see --help for more options):

make bin/fuzz_tiniparser build && \
afl-fuzz -m 200 -i inputdir -o outputdir -- bin/fuzz_tiniparser

oss-fuzz

Samba can be fuzzed by Google's oss-fuzz system. Assuming you have an oss-fuzz checkout from https://github.com/google/oss-fuzz with Samba's metadata in projects/samba, the following guides will help:

Testing locally

https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally

Debugging oss-fuzz

See https://google.github.io/oss-fuzz/advanced-topics/debugging/

Samba-specific hints

A typical debugging workflow is:

oss-fuzz$ python infra/helper.py shell samba git fetch $REMOTE $BRANCH git checkout FETCH_HEAD lib/fuzzing/oss-fuzz/build_image.sh compile

This will pull in any new Samba deps and build Samba's fuzzers.

vim: set sw=8 sts=8 ts=8 tw=79 :