[SCM] Samba Shared Repository - branch master updated

Uri Simchoni uri at samba.org
Fri Oct 18 08:55:02 UTC 2019


The branch, master has been updated
       via  25b1e478ec5 s3/dump_core: Have a newline towards the end of log message
       via  c4e902be722 Add fuzzing binary for ldb_parse_tree
       via  de7c78335de Add fuzzing binary for ldap_decode
       via  f9c39237adf Add fuzzing binary for lzxpress
       via  a42a5a42f79 Add fuzzing binary for regfio
       via  6b6df73b4ce regfio: Allow ignoring of checksum
       via  e477a94ffd3 Add fuzzing binary for reg_parse
       via  799a1f65f6c Build registry parsing code into subsystem
      from  68155811aba samba-tool: Add facility to add rfc2307 attributes to an already created user or group

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 25b1e478ec5e8ac40d41013a824311824482fa67
Author: Anoop C S <anoopcs at redhat.com>
Date:   Wed Oct 16 14:33:06 2019 +0530

    s3/dump_core: Have a newline towards the end of log message
    
    Signed-off-by: Anoop C S <anoopcs at redhat.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>
    
    Autobuild-User(master): Uri Simchoni <uri at samba.org>
    Autobuild-Date(master): Fri Oct 18 08:54:04 UTC 2019 on sn-devel-184

commit c4e902be7226e596d7bbba8baf4389eeab0ca8b6
Author: Michael Hanselmann <public at hansmi.ch>
Date:   Fri Apr 12 00:46:49 2019 +0200

    Add fuzzing binary for ldb_parse_tree
    
    Signed-off-by: Michael Hanselmann <public at hansmi.ch>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>

commit de7c78335de63f95f97f946aec287b7bb87f6b47
Author: Michael Hanselmann <public at hansmi.ch>
Date:   Wed Apr 10 01:20:36 2019 +0200

    Add fuzzing binary for ldap_decode
    
    Signed-off-by: Michael Hanselmann <public at hansmi.ch>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>

commit f9c39237adfaf1ea223e5c810d019f433af95cf0
Author: Michael Hanselmann <public at hansmi.ch>
Date:   Wed Apr 10 00:36:03 2019 +0200

    Add fuzzing binary for lzxpress
    
    Signed-off-by: Michael Hanselmann <public at hansmi.ch>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>

commit a42a5a42f79cc886d752de1645638e24c600c4d0
Author: Michael Hanselmann <public at hansmi.ch>
Date:   Thu Apr 4 02:26:26 2019 +0200

    Add fuzzing binary for regfio
    
    Checksums are better ignored during fuzzing, hence a flag is added to
    the regfio parser to disable checksums.
    
    Signed-off-by: Michael Hanselmann <public at hansmi.ch>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>

commit 6b6df73b4ce20286b1b7370750d11d0d648d7752
Author: Michael Hanselmann <public at hansmi.ch>
Date:   Mon Sep 23 21:53:55 2019 +0000

    regfio: Allow ignoring of checksum
    
    In order to get good coverage fuzzing code has to either calculate
    checksums correctly or to disable their verification. This change
    implements the latter for the "REGF_FILE" structure used by the
    "regfio_*" family of functions.
    
    Signed-off-by: Michael Hanselmann <public at hansmi.ch>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>

commit e477a94ffd3795d7d8aa83e899e9b0f2f9860a79
Author: Michael Hanselmann <public at hansmi.ch>
Date:   Fri Apr 5 00:50:09 2019 +0200

    Add fuzzing binary for reg_parse
    
    A temporary file is used to store the fuzzing input.
    
    Signed-off-by: Michael Hanselmann <public at hansmi.ch>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>

commit 799a1f65f6cc80256b6e140b7763396d76d4a830
Author: Michael Hanselmann <public at hansmi.ch>
Date:   Mon Sep 23 21:47:51 2019 +0000

    Build registry parsing code into subsystem
    
    Fuzzing code will make use of the "reg_parse_fd" function. By building
    it into the "SMBREGISTRY" subsystem it can just be linked and
    "reg_parse.c" doesn't need to be explicitly included.
    
    Signed-off-by: Michael Hanselmann <public at hansmi.ch>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 .../{fuzz_oLschema2ldif.c => fuzz_ldap_decode.c}   | 38 ++++++------
 .../{fuzz_tiniparser.c => fuzz_ldb_parse_tree.c}   | 25 +++++---
 lib/fuzzing/{fuzz_tiniparser.c => fuzz_lzxpress.c} | 14 ++---
 .../fuzzing/fuzz_reg_parse.c                       | 41 ++++++++-----
 lib/fuzzing/fuzz_regfio.c                          | 68 ++++++++++++++++++++++
 lib/fuzzing/wscript_build                          | 35 +++++++++++
 source3/lib/dumpcore.c                             |  2 +-
 source3/registry/regfio.c                          |  3 +-
 source3/registry/regfio.h                          |  7 +++
 source3/utils/wscript_build                        |  1 -
 source3/wscript_build                              |  1 +
 11 files changed, 184 insertions(+), 51 deletions(-)
 copy lib/fuzzing/{fuzz_oLschema2ldif.c => fuzz_ldap_decode.c} (60%)
 copy lib/fuzzing/{fuzz_tiniparser.c => fuzz_ldb_parse_tree.c} (68%)
 copy lib/fuzzing/{fuzz_tiniparser.c => fuzz_lzxpress.c} (82%)
 copy source3/modules/nfs4acl_xattr_nfs.h => lib/fuzzing/fuzz_reg_parse.c (55%)
 create mode 100644 lib/fuzzing/fuzz_regfio.c


Changeset truncated at 500 lines:

diff --git a/lib/fuzzing/fuzz_oLschema2ldif.c b/lib/fuzzing/fuzz_ldap_decode.c
similarity index 60%
copy from lib/fuzzing/fuzz_oLschema2ldif.c
copy to lib/fuzzing/fuzz_ldap_decode.c
index 4dd5668e673..85e0e38983e 100644
--- a/lib/fuzzing/fuzz_oLschema2ldif.c
+++ b/lib/fuzzing/fuzz_ldap_decode.c
@@ -1,5 +1,5 @@
 /*
-   Fuzzing for oLschema2ldif
+   Fuzzing for ldap_decode.
    Copyright (C) Michael Hanselmann 2019
 
    This program is free software; you can redistribute it and/or modify
@@ -17,35 +17,39 @@
 */
 
 #include "includes.h"
-#include "fuzzing.h"
-#include "utils/oLschema2ldif/lib.h"
-
-static FILE *devnull;
+#include "fuzzing/fuzzing.h"
+#include "lib/util/asn1.h"
+#include "libcli/ldap/ldap_message.h"
+#include "libcli/ldap/ldap_proto.h"
 
 int LLVMFuzzerInitialize(int *argc, char ***argv)
 {
-	devnull = fopen("/dev/null", "w");
-
 	return 0;
 }
 
 int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
 {
-	TALLOC_CTX *mem_ctx;
-	struct conv_options opt;
-
-	mem_ctx = talloc_init(__FUNCTION__);
+	TALLOC_CTX *mem_ctx = talloc_init(__FUNCTION__);
+	struct asn1_data *asn1;
+	struct ldap_message *ldap_msg;
+	NTSTATUS status;
 
-	opt.in = fmemopen(buf, len, "r");
-	opt.out = devnull;
-	opt.ldb_ctx = ldb_init(mem_ctx, NULL);
+	asn1 = asn1_init(mem_ctx);
+	if (!asn1) {
+		goto out;
+	}
 
-	opt.basedn = ldb_dn_new(mem_ctx, opt.ldb_ctx, "");
+	asn1_load_nocopy(asn1, buf, len);
 
-	process_file(mem_ctx, &opt);
+	ldap_msg = talloc(mem_ctx, struct ldap_message);
+	if (!ldap_msg) {
+		goto out;
+	}
 
-	fclose(opt.in);
+	status = ldap_decode(asn1, samba_ldap_control_handlers(), ldap_msg);
+	printf("%s\n", nt_errstr(status));
 
+out:
 	talloc_free(mem_ctx);
 
 	return 0;
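Review bot: the `printf("%s\n", nt_errstr(status));` right after `ldap_decode()` writes a line to stdout for every fuzz input, which slows the run and floods the log without helping crash triage. Consider dropping it and marking the result unused with `(void)status;`, or printing only under a debug switch. Separately, `mem_ctx` from `talloc_init()` is used without a NULL check, while `asn1` and `ldap_msg` are both checked.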
diff --git a/lib/fuzzing/fuzz_tiniparser.c b/lib/fuzzing/fuzz_ldb_parse_tree.c
similarity index 68%
copy from lib/fuzzing/fuzz_tiniparser.c
copy to lib/fuzzing/fuzz_ldb_parse_tree.c
index a6e2ef7c2fe..f0f02148142 100644
--- a/lib/fuzzing/fuzz_tiniparser.c
+++ b/lib/fuzzing/fuzz_ldb_parse_tree.c
@@ -1,5 +1,5 @@
 /*
-   Fuzzing for trivial smb.conf parsing code.
+   Fuzzing for ldb_parse_tree
    Copyright (C) Michael Hanselmann 2019
 
    This program is free software; you can redistribute it and/or modify
@@ -17,8 +17,9 @@
 */
 
 #include "includes.h"
-#include "fuzzing.h"
-#include "lib/util/tiniparser.h"
+#include "fuzzing/fuzzing.h"
+#include "ldb.h"
+#include "ldb_module.h"
 
 int LLVMFuzzerInitialize(int *argc, char ***argv)
 {
@@ -27,13 +28,23 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
 
 int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
 {
-	FILE *fp;
+	TALLOC_CTX *mem_ctx = talloc_init(__FUNCTION__);
+	struct ldb_parse_tree *tree;
+	char *filter;
 
-	fp = fmemopen(buf, len, "r");
+	if (len < 1) {
+		return 0;
+	}
 
-	tiniparser_load_stream(fp);
+	filter = talloc_strndup(mem_ctx, (const char*)buf, len);
 
-	fclose(fp);
+	if (filter == NULL) {
+		return 0;
+	}
+
+	tree = ldb_parse_tree(mem_ctx, filter);
+
+	talloc_free(mem_ctx);
 
 	return 0;
 }
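Review bot: both early returns in `LLVMFuzzerTestOneInput` (the `len < 1` case and the `filter == NULL` case) leave without freeing `mem_ctx`, which is already allocated by `talloc_init()` in the declaration, so every empty input leaks a talloc context and a leak-checking fuzz build can report it. Move the `len < 1` test above the allocation or route both paths through a single exit that calls `talloc_free(mem_ctx)`. `tree` is also assigned and never read; cast the call to void or drop the variable to avoid a set-but-unused warning.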
diff --git a/lib/fuzzing/fuzz_tiniparser.c b/lib/fuzzing/fuzz_lzxpress.c
similarity index 82%
copy from lib/fuzzing/fuzz_tiniparser.c
copy to lib/fuzzing/fuzz_lzxpress.c
index a6e2ef7c2fe..61ce9e6f9c0 100644
--- a/lib/fuzzing/fuzz_tiniparser.c
+++ b/lib/fuzzing/fuzz_lzxpress.c
@@ -1,5 +1,5 @@
 /*
-   Fuzzing for trivial smb.conf parsing code.
+   Fuzzing for lzxpress_decompress
    Copyright (C) Michael Hanselmann 2019
 
    This program is free software; you can redistribute it and/or modify
@@ -17,8 +17,8 @@
 */
 
 #include "includes.h"
-#include "fuzzing.h"
-#include "lib/util/tiniparser.h"
+#include "fuzzing/fuzzing.h"
+#include "lzxpress.h"
 
 int LLVMFuzzerInitialize(int *argc, char ***argv)
 {
@@ -27,13 +27,9 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
 
 int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
 {
-	FILE *fp;
+	static uint8_t output[1024 * 1024] = {0};
 
-	fp = fmemopen(buf, len, "r");
-
-	tiniparser_load_stream(fp);
-
-	fclose(fp);
+	lzxpress_decompress(buf, len, output, sizeof(output));
 
 	return 0;
 }
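Review bot: `output` is a fixed 1 MiB static array, so the `sizeof(output)` limit passed to `lzxpress_decompress()` is only reached by inputs that expand to a full megabyte, and the output-bounds handling is exercised at that one size. A heap buffer allocated per run, ideally with a smaller or input-derived size, would let the sanitizer flag a write at the exact end of the buffer and would exercise the limit path more often. The return value is discarded, which is fine for a harness but deserves a `(void)` cast to show that it is intentional.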
diff --git a/source3/modules/nfs4acl_xattr_nfs.h b/lib/fuzzing/fuzz_reg_parse.c
similarity index 55%
copy from source3/modules/nfs4acl_xattr_nfs.h
copy to lib/fuzzing/fuzz_reg_parse.c
index 3c4109c4813..36b1b6f84ac 100644
--- a/source3/modules/nfs4acl_xattr_nfs.h
+++ b/lib/fuzzing/fuzz_reg_parse.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) Ralph Boehme 2018
+ * Fuzzing for reg_parse
+ * Copyright (C) Michael Hanselmann 2019
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -13,24 +14,34 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
  */
 
-#ifndef __NFS4ACL_XATTR_NFS_H__
-#define __NFS4ACL_XATTR_NFS_H__
+#include "includes.h"
+#include "fuzzing/fuzzing.h"
+#include "lib/util/fault.h"
+#include "registry.h"
+#include "registry/reg_parse.h"
+
+static FILE *fp;
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+	fp = tmpfile();
 
-#define NFS4ACL_NFS_XATTR_NAME "system.nfs4_acl"
+	return 0;
+}
 
-struct SMB4ACL_T;
+int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+{
+	const reg_parse_callback cb = {0};
+	int ret;
 
-NTSTATUS nfs4acl_nfs_blob_to_smb4(struct vfs_handle_struct *handle,
-				  TALLOC_CTX *mem_ctx,
-				  DATA_BLOB *blob,
-				  struct SMB4ACL_T **_smb4acl);
+	rewind(fp);
+	(void)fwrite(buf, len, 1, fp);
+	(void)fflush(fp);
+	rewind(fp);
 
-NTSTATUS nfs4acl_smb4acl_to_nfs_blob(vfs_handle_struct *handle,
-				     TALLOC_CTX *mem_ctx,
-				     struct SMB4ACL_T *smbacl,
-				     DATA_BLOB *blob);
+	ret = reg_parse_fd(fileno(fp), &cb, "");
 
-#endif /* __NFS4ACL_XATTR_NFS_H__ */
+	return 0;
+}
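Review bot: the temporary file is rewound and overwritten in `LLVMFuzzerTestOneInput` but never truncated, so when an input is shorter than an earlier one the bytes past `len` from the previous run are still in the file and `reg_parse_fd()` parses them as well. A crash then depends on input history rather than on the saved test case alone. Truncate after the write, for example `ftruncate(fileno(fp), len)` following `fflush(fp)`. Also, `tmpfile()` in `LLVMFuzzerInitialize` is not checked for NULL, and `ret` is set but never used.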
diff --git a/lib/fuzzing/fuzz_regfio.c b/lib/fuzzing/fuzz_regfio.c
new file mode 100644
index 00000000000..c4ced88801b
--- /dev/null
+++ b/lib/fuzzing/fuzz_regfio.c
@@ -0,0 +1,68 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Windows NT registry I/O library
+ * Copyright (C) Michael Hanselmann 2019
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "fuzzing/fuzzing.h"
+#include "system/filesys.h"
+#include "lib/util/fault.h"
+#include "registry/reg_objects.h"
+#include "registry/regfio.h"
+
+static FILE *fp;
+static char filename[128];
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+	fp = tmpfile();
+
+	(void)snprintf(filename, sizeof(filename), "/proc/self/fd/%d", fileno(fp));
+
+	return 0;
+}
+
+int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+{
+	REGF_FILE* regfile;
+	REGF_NK_REC *nk, *subkey;
+
+	rewind(fp);
+	(void)fwrite(buf, len, 1, fp);
+	(void)fflush(fp);
+
+	regfile = regfio_open(filename, O_RDONLY, 0600);
+	if (!regfile) {
+		goto out;
+	}
+
+	regfile->ignore_checksums = true;
+
+	nk = regfio_rootkey(regfile);
+	if (nk != NULL) {
+		nk->subkey_index = 0;
+		while ((subkey = regfio_fetch_subkey(regfile, nk))) {
+		}
+	}
+
+out:
+	if (regfile != NULL) {
+		regfio_close(regfile);
+	}
+
+	return 0;
+}
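Review bot: as in fuzz_reg_parse.c, the file behind `fp` is rewritten from offset 0 without being truncated, so `regfio_open()` can see trailing bytes left by a longer previous input; add an `ftruncate(fileno(fp), len)` after `fflush(fp)` so each run parses exactly `buf`. In `LLVMFuzzerInitialize`, `tmpfile()` is not checked before `fileno(fp)` is formatted into `filename`, and the `/proc/self/fd/%d` path ties the harness to systems that provide that procfs layout; a short comment saying so would help. The empty `while` body that walks the subkeys would read more clearly with a comment stating that the loop exists only to drive the parser.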
diff --git a/lib/fuzzing/wscript_build b/lib/fuzzing/wscript_build
index 9c73c59c259..7305ce41262 100644
--- a/lib/fuzzing/wscript_build
+++ b/lib/fuzzing/wscript_build
@@ -18,3 +18,38 @@ bld.SAMBA_BINARY('fuzz_oLschema2ldif',
                  install=False,
                  enabled=bld.env.enable_libfuzzer,
                  )
+
+bld.SAMBA_BINARY('fuzz_reg_parse',
+                 source='fuzz_reg_parse.c',
+                 deps='fuzzing samba3-util smbconf REGFIO',
+                 install=False,
+                 enabled=bld.env.enable_libfuzzer,
+                 )
+
+bld.SAMBA_BINARY('fuzz_regfio',
+                 source='fuzz_regfio.c',
+                 deps='fuzzing samba3-util smbconf REGFIO',
+                 install=False,
+                 enabled=bld.env.enable_libfuzzer,
+                 )
+
+bld.SAMBA_BINARY('fuzz_lzxpress',
+                 source='fuzz_lzxpress.c',
+                 deps='fuzzing LZXPRESS',
+                 install=False,
+                 enabled=bld.env.enable_libfuzzer,
+                 )
+
+bld.SAMBA_BINARY('fuzz_ldap_decode',
+                 source='fuzz_ldap_decode.c',
+                 deps='fuzzing cli-ldap',
+                 install=False,
+                 enabled=bld.env.enable_libfuzzer,
+                 )
+
+bld.SAMBA_BINARY('fuzz_ldb_parse_tree',
+                 source='fuzz_ldb_parse_tree.c',
+                 deps='fuzzing ldb',
+                 install=False,
+                 enabled=bld.env.enable_libfuzzer
+                 )
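Review bot: `fuzz_reg_parse` lists the same deps as `fuzz_regfio` (`fuzzing samba3-util smbconf REGFIO`), yet it calls `reg_parse_fd`, which this series builds into the `SMBREGISTRY` subsystem, so the link only works if one of the listed deps pulls `SMBREGISTRY` in transitively. Naming the subsystem explicitly in `deps` would make the dependency visible and robust against later changes. Style point: the last entry, `fuzz_ldb_parse_tree`, omits the trailing comma after `enabled=bld.env.enable_libfuzzer` that the four entries above it have.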
diff --git a/source3/lib/dumpcore.c b/source3/lib/dumpcore.c
index 6c305ab81d7..0c9120689df 100644
--- a/source3/lib/dumpcore.c
+++ b/source3/lib/dumpcore.c
@@ -315,7 +315,7 @@ void dump_core_setup(const char *progname, const char *log_file)
 			DEBUG(0,("dumping core in %s\n", corepath));
 		} else {
 			DEBUG(0,("coredump is handled by helper binary "
-				 "specified at /proc/sys/kernel/core_pattern"));
+				 "specified at /proc/sys/kernel/core_pattern\n"));
 		}
 	}
 
diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c
index 4c6271cda7a..930ac834d1a 100644
--- a/source3/registry/regfio.c
+++ b/source3/registry/regfio.c
@@ -482,7 +482,7 @@ static bool read_regf_block( REGF_FILE *file )
 	
 	prs_mem_free( &ps );
 	
-	if ( file->checksum !=  checksum ) {
+	if ( file->checksum != checksum && !file->ignore_checksums) {
 		DEBUG(0,("read_regf_block: invalid checksum\n" ));
 		return False;
 	}
@@ -1242,6 +1242,7 @@ out:
 	}
 	ZERO_STRUCTP( rb );
 	rb->fd = -1;
+	rb->ignore_checksums = false;
 	
 	if ( !(rb->mem_ctx = talloc_init( "regfio_open" )) ) {
 		regfio_close( rb );
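Review bot: `rb->ignore_checksums = false;` is redundant, because `ZERO_STRUCTP( rb )` two lines above already clears the field. More importantly, the flag always starts out false inside the open path, and the fuzzer in fuzz_regfio.c sets `regfile->ignore_checksums = true` only after `regfio_open()` has returned. If the open path itself calls `read_regf_block()` (the call is not visible in this diff), the header checksum is still enforced there and most fuzz inputs are rejected before the flag can take effect. Consider passing the setting into the open call or otherwise applying it before the first block is read.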
diff --git a/source3/registry/regfio.h b/source3/registry/regfio.h
index 23a44c9c88a..172427f1985 100644
--- a/source3/registry/regfio.h
+++ b/source3/registry/regfio.h
@@ -199,6 +199,13 @@ typedef struct {
 	
 	REGF_SK_REC *sec_desc_list;	/* list of security descriptors referenced by NK records */
 
+	/* Ignore checksums in input data. Used by fuzzing code to allow more
+	 * coverage without having to calcuate a valid checksum. The checksums
+	 * are merely to detect data corruption and don't provide a security
+	 * value.
+	 */
+	bool ignore_checksums;
+
 	/* unknowns used to simply writing */
 	
 	uint32_t unknown1;
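Review bot: typo in the new comment above `bool ignore_checksums;`: "calcuate" should be "calculate". Since this field sits in a struct used by production callers, the comment could also state when it must be set relative to `regfio_open()` and which checks it disables (the visible change only touches the comparison in `read_regf_block`), so that nobody outside the fuzzing code enables it by accident.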
diff --git a/source3/utils/wscript_build b/source3/utils/wscript_build
index 3e0539b2cea..2e6d61d4cd4 100644
--- a/source3/utils/wscript_build
+++ b/source3/utils/wscript_build
@@ -225,7 +225,6 @@ bld.SAMBA3_BINARY('net',
                  net_notify.c
                  net_tdb.c
                  net_vfs.c
-                 ../registry/reg_parse.c
                  ../registry/reg_format.c
                  ../registry/reg_import.c
                  net_registry_util.c
diff --git a/source3/wscript_build b/source3/wscript_build
index 94ea02ba61e..fb7c04cce13 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -220,6 +220,7 @@ bld.SAMBA3_SUBSYSTEM('SMBREGISTRY',
                           lib/util_nttoken.c
                           registry/reg_backend_db.c
                           registry/reg_parse_internal.c
+                          registry/reg_parse.c
                           lib/srprs.c
                           registry/reg_init_basic.c
                           ''',


-- 
Samba Shared Repository


