[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Fri Jan 17 14:34:05 UTC 2020


The branch, master has been updated
       via  6c7b722b3fa fuzz_oLschema2ldif: check multiple possible NULLs
       via  6786ec2c963 fuzzing: check for NULL on ldb_init()
      from  75367e4b067 librpc: add clusapi_GroupSetControlCode enum

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6c7b722b3fa3d6383a22fb517d3cb5572115c365
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Jan 17 10:19:32 2020 +1300

    fuzz_oLschema2ldif: check multiple possible NULLs
    
    Address sanitizer will object to a theoretically possible NULL dereference
    so we can't ignore these checks in set-up.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Fri Jan 17 14:33:18 UTC 2020 on sn-devel-184

commit 6786ec2c9638f13efed8cba156e174644804a61e
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Jan 17 09:59:26 2020 +1300

    fuzzing: check for NULL on ldb_init()
    
    We simply return 0 because failure here is not a problem with the code we
    are actually trying to fuzz. Without this asan is unhappy.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/fuzzing/fuzz_ldb_dn_explode.c    |  3 +++
 lib/fuzzing/fuzz_ldb_ldif_read.c     |  5 ++++-
 lib/fuzzing/fuzz_ldb_parse_control.c |  5 ++++-
 lib/fuzzing/fuzz_oLschema2ldif.c     | 11 +++++++++++
 4 files changed, 22 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/fuzzing/fuzz_ldb_dn_explode.c b/lib/fuzzing/fuzz_ldb_dn_explode.c
index dade67567cb..29747178e3e 100644
--- a/lib/fuzzing/fuzz_ldb_dn_explode.c
+++ b/lib/fuzzing/fuzz_ldb_dn_explode.c
@@ -27,6 +27,9 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 {
 	struct ldb_dn *dn = NULL;
 	struct ldb_context *ldb = ldb_init(NULL, NULL);
+	if (ldb == NULL) {
+		return 0;
+	}
 	/*
 	 * We copy the buffer in order to NUL-terminate, because running off
 	 *  the end of the string would be an uninteresting crash.
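Review bot: The new `if (ldb == NULL) { return 0; }` guard has no comment saying why a set-up failure is reported as success; the reason is given only in the commit message. A one-line comment above it, such as `/* ldb_init() failing is not a bug in the code under test; skip this input */`, would keep a later reader from treating it as a swallowed error. The same applies to the identical guards in fuzz_ldb_ldif_read.c and fuzz_ldb_parse_control.c and to the three guards added in fuzz_oLschema2ldif.c. A harness that always took this path would fuzz nothing while looking healthy, so it may be worth confirming that coverage still reaches the parser call. The function body continues outside the hunk.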
diff --git a/lib/fuzzing/fuzz_ldb_ldif_read.c b/lib/fuzzing/fuzz_ldb_ldif_read.c
index f2c46bc9beb..4eee1701836 100644
--- a/lib/fuzzing/fuzz_ldb_ldif_read.c
+++ b/lib/fuzzing/fuzz_ldb_ldif_read.c
@@ -26,8 +26,11 @@ char buf[MAX_LENGTH + 1] = {0};
 int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 {
 	struct ldb_ldif *ldif = NULL;
-	struct ldb_context *ldb = ldb_init(NULL, NULL);
 	const char *s = NULL;
+	struct ldb_context *ldb = ldb_init(NULL, NULL);
+	if (ldb == NULL) {
+		return 0;
+	}
 	
 	if (len > MAX_LENGTH) {
 		len = MAX_LENGTH;
diff --git a/lib/fuzzing/fuzz_ldb_parse_control.c b/lib/fuzzing/fuzz_ldb_parse_control.c
index bd3fda87fdb..98af24a8000 100644
--- a/lib/fuzzing/fuzz_ldb_parse_control.c
+++ b/lib/fuzzing/fuzz_ldb_parse_control.c
@@ -27,8 +27,11 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 {
 	struct ldb_control *control = NULL;
 	struct ldb_context *ldb = ldb_init(NULL, NULL);
+	if (ldb == NULL) {
+		return 0;
+	}
 	/*
-	 * We copy the buffer in order to NUL-teminate, because running off
+	 * We copy the buffer in order to NUL-terminate, because running off
 	 *  the end of the string would be an uninteresting crash.
 	 */
 	if (len > MAX_LENGTH) {
diff --git a/lib/fuzzing/fuzz_oLschema2ldif.c b/lib/fuzzing/fuzz_oLschema2ldif.c
index a983f48d660..873e8f1ccc7 100644
--- a/lib/fuzzing/fuzz_oLschema2ldif.c
+++ b/lib/fuzzing/fuzz_oLschema2ldif.c
@@ -43,12 +43,23 @@ int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
 	}
 
 	mem_ctx = talloc_init(__FUNCTION__);
+	if (mem_ctx == NULL) {
+		return 0;
+	}
 
 	opt.in = fmemopen(buf, len, "r");
 	opt.out = devnull;
 	opt.ldb_ctx = ldb_init(mem_ctx, NULL);
+	if (opt.ldb_ctx == NULL || opt.in == NULL) {
+		talloc_free(mem_ctx);
+		return 0;
+	}
 
 	opt.basedn = ldb_dn_new(mem_ctx, opt.ldb_ctx, "");
+	if (opt.basedn == NULL) {
+		talloc_free(mem_ctx);
+		return 0;
+	}
 
 	process_file(mem_ctx, &opt);
 
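Review bot: Both new early returns free `mem_ctx` but leave the stream from `fmemopen()` open. This happens when `ldb_init()` fails while `opt.in` is non-NULL, and again when `ldb_dn_new()` returns NULL, so each such input leaks a `FILE`. LeakSanitizer may then report the leak, which works against the aim of keeping the sanitizer quiet on set-up failures. Add `if (opt.in != NULL) { fclose(opt.in); }` before the first `talloc_free(mem_ctx);` and `fclose(opt.in);` before the second. The function starts and continues outside the hunk, so any cleanup after `process_file()` is not visible here, but these returns bypass it either way.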


-- 
Samba Shared Repository


