From e1b472de7de08acd294a197dc6b3b9570ab839bb Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 26 Jul 2019 16:02:04 +1200
Subject: [PATCH] ldb: a short program to hammer ldb_dn_explode

We exhaustively try short strings from a selected alphabet.


Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---
 lib/ldb/tests/ldb_dn_pseudo_fuzz.c | 79 ++++++++++++++++++++++++++++++
 lib/ldb/wscript                    |  5 ++
 2 files changed, 84 insertions(+)
 create mode 100644 lib/ldb/tests/ldb_dn_pseudo_fuzz.c

diff --git a/lib/ldb/tests/ldb_dn_pseudo_fuzz.c b/lib/ldb/tests/ldb_dn_pseudo_fuzz.c
new file mode 100644
index 00000000000..d39d734ed76
--- /dev/null
+++ b/lib/ldb/tests/ldb_dn_pseudo_fuzz.c
@@ -0,0 +1,79 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) 2018      Andreas Schneider <asn@samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <ldb.h>
+
+
+const char letters[] = "1-.\"+\\<>;,=A \0x80";
+size_t n_letters = sizeof(letters) - 1;
+
+uint64_t n_failures = 0;
+uint64_t n_successes = 0;
+
+struct ldb_context *ldb = NULL;
+
+char buffer[100];
+
+
+/* permutations with replacement */
+static int permute(unsigned int buffer_len,
+	    unsigned int pos)
+{
+	unsigned int i;
+	size_t count = 0;
+	struct ldb_dn *dn;
+	int result;
+	if (pos == buffer_len) {
+		buffer[pos] = '\0';
+		dn = ldb_dn_new(ldb, ldb, buffer);
+		result = ldb_dn_validate(dn);
+		if (result == false) {
+			n_failures++;
+		} else {
+			n_successes++;
+			ldb_dn_canonical_string(dn, dn);
+		}
+		talloc_free(dn);
+		return 1;
+	}
+	for (i = 0; i < n_letters; i++) {
+		buffer[pos] = letters[i];
+		count += permute(buffer_len, pos + 1);
+	}
+	return count;
+}
+
+
+int main(void) {
+	unsigned int len;
+	size_t count = 0;
+	size_t round_count;
+	ldb = ldb_init(NULL, NULL);
+	printf("testing with %zu letters\n", n_letters);
+	printf("«%s»\n", letters);
+	for (len = 1; len < 10; len++) {
+		printf("round %u  ", len);
+		round_count = permute(len, 0);
+		printf("%zu\n", round_count);
+		count += round_count;
+		printf("total     %zu\n", count);
+		printf("successes %zu\n", n_successes);
+		printf("failures  %zu\n", n_failures);
+	}
+}
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index fdb9b23de6d..7b498b2fe07 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -502,6 +502,11 @@ def build(bld):
                          deps='ldb',
                          install=False)
 
+        bld.SAMBA_BINARY('ldb_dn_pseudo_fuzz',
+                         source='tests/ldb_dn_pseudo_fuzz.c',
+                         deps='ldb',
+                         install=False)
+
         bld.SAMBA_BINARY('ldb_match_test',
                          source='tests/ldb_match_test.c',
                          deps='cmocka ldb',
-- 
2.20.1