The Samba-Bugzilla – Attachment 15378 Details for
Bug 14049
ldb dn crash
[patch]
updated script to look for ldb_dn segfaults
0001-ldb-a-short-program-to-hammer-ldb_dn_explode.patch (text/plain), 4.90 KB, created by
Douglas Bagnall
on 2019-08-07 01:02:30 UTC
Description:
updated script to look for ldb_dn segfaults
Filename:
MIME Type:
Creator:
Douglas Bagnall
Created:
2019-08-07 01:02:30 UTC
Size:
4.90 KB
patch
obsolete
>From d23785e69ddd1b511202be1e601e970798aac409 Mon Sep 17 00:00:00 2001
>From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
>Date: Fri, 26 Jul 2019 16:02:04 +1200
>Subject: [PATCH] ldb: a short program to hammer ldb_dn_explode
>
>We exhaustively try short strings from a selected alphabet, both on
>its own, and as suffixes and prefixes of an ordinary looking DN.
>
>Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
>---
> lib/ldb/tests/ldb_dn_pseudo_fuzz.c | 128 +++++++++++++++++++++++++++++
> lib/ldb/wscript | 5 ++
> 2 files changed, 133 insertions(+)
> create mode 100644 lib/ldb/tests/ldb_dn_pseudo_fuzz.c
>
>diff --git a/lib/ldb/tests/ldb_dn_pseudo_fuzz.c b/lib/ldb/tests/ldb_dn_pseudo_fuzz.c
>new file mode 100644
>index 00000000000..8eba901ed96
>--- /dev/null
>+++ b/lib/ldb/tests/ldb_dn_pseudo_fuzz.c
>@@ -0,0 +1,128 @@
>+/*
>+ * Unix SMB/CIFS implementation.
>+ *
>+ * Copyright (C) 2018 Andreas Schneider <asn@samba.org>
>+ *
>+ * This program is free software; you can redistribute it and/or modify
>+ * it under the terms of the GNU General Public License as published by
>+ * the Free Software Foundation; either version 3 of the License, or
>+ * (at your option) any later version.
>+ *
>+ * This program is distributed in the hope that it will be useful,
>+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>+ * GNU General Public License for more details.
>+ *
>+ * You should have received a copy of the GNU General Public License
>+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
>+ */
>+
>+#include <ldb.h>
>+#include "replace.h"
>+
>+#define SLOW_PERMUTE_DEPTH 8
>+#define MAX_PERMUTE_DEPTH 20
>+
>+const char letters[] = "1-.\"+\\<>;,=A \x80";
>+size_t n_letters = strlen(letters);
>+
>+uint64_t n_failures = 0;
>+uint64_t n_successes = 0;
>+
>+struct ldb_context *ldb = NULL;
>+
>+char buffer[300];
>+
>+const char *TEMPLATES[] = {
>+ "CN=onething,CN=another,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com",
>+ "",
>+};
>+
>+/* permutations with replacement */
>+static int permute(char *dest,
>+ unsigned int dest_len,
>+ unsigned int pos)
>+{
>+ unsigned int i;
>+ size_t count = 0;
>+ struct ldb_dn *dn;
>+ int result;
>+ if (pos == dest_len) {
>+ dn = ldb_dn_new(ldb, ldb, dest);
>+ result = ldb_dn_validate(dn);
>+ if (result == false) {
>+ n_failures++;
>+ } else {
>+ n_successes++;
>+ ldb_dn_canonical_string(dn, dn);
>+ }
>+ talloc_free(dn);
>+ return 1;
>+ }
>+ for (i = 0; i < n_letters; i++) {
>+ dest[pos] = letters[i];
>+ count += permute(dest, dest_len, pos + 1);
>+ }
>+ return count;
>+}
>+
>+
>+static void print_usage_and_exit(void) {
>+ printf("USAGE: ldb_dn_pseudo_fuzz [DEPTH]\n\n");
>+ printf("DEPTH is in the range 1-%d\n", MAX_PERMUTE_DEPTH);
>+ printf("DEPTH >= %d will be quite slow\n", SLOW_PERMUTE_DEPTH);
>+ exit(1);
>+}
>+
>+int main(int argc, const char **argv) {
>+ unsigned int len, i;
>+ size_t count = 0;
>+ size_t round_count;
>+ unsigned long permute_length = 0;
>+ if (argc != 2) {
>+ print_usage_and_exit();
>+ } else if (argc == 2) {
>+ char *end = NULL;
>+ permute_length = strtoul(argv[1], &end, 10);
>+ if (end == argv[0] || *end != '\0' ||
>+ permute_length == 0 ||
>+ permute_length > MAX_PERMUTE_DEPTH) {
>+ print_usage_and_exit();
>+ }
>+ }
>+ ldb = ldb_init(NULL, NULL);
>+
>+ printf("testing with %zu letters\n", n_letters);
>+ printf("«%s»\n", letters);
>+ printf("using permutations up to %lu\n", permute_length);
>+ if (permute_length >= SLOW_PERMUTE_DEPTH) {
>+ printf("This may take some time!\n");
>+ }
>+
>+ for (i = 0; i < ARRAY_SIZE(TEMPLATES); i++) {
>+ const char *template = TEMPLATES[i];
>+ size_t t_len = strlen(template);
>+ strncpy(buffer, template, sizeof(buffer));
>+ printf("template: %s\n", buffer);
>+ for (len = 1; len <= permute_length; len++) {
>+ printf("round %u ", len);
>+ round_count = permute(buffer, len, 0);
>+ printf("%zu\n", round_count);
>+ count += round_count;
>+ }
>+ if (t_len > 0) {
>+ strncpy(buffer, template, sizeof(buffer));
>+ printf("doing tail of %s\n", buffer);
>+ for (len = 1; len <= permute_length; len++) {
>+ printf("round %u ", len);
>+ round_count = permute(buffer + t_len, len, 0);
>+ printf("%zu\n", round_count);
>+ count += round_count;
>+ }
>+ }
>+ }
>+ printf("total %zu\n", count);
>+ printf("successes %zu\n", n_successes);
>+ printf("failures %zu\n", n_failures);
>+ exit(0);
>+}
>diff --git a/lib/ldb/wscript b/lib/ldb/wscript
>index fdb9b23de6d..7b498b2fe07 100644
>--- a/lib/ldb/wscript
>+++ b/lib/ldb/wscript
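Review bot: In `main` of ldb_dn_pseudo_fuzz.c the DEPTH check compares `end == argv[0]` although `strtoul` parsed `argv[1]`, so the "no digits consumed" test can never be true and only the neighbouring conditions reject bad input; it should read `if (end == argv[1] || *end != '\0' ||`. The two `printf` calls that report `n_successes` and `n_failures` pass `uint64_t` values to `%zu`, a format/argument mismatch wherever `size_t` is not 64 bits; `"%" PRIu64` from `<inttypes.h>` matches the declared type. `permute` returns `int` while accumulating a `size_t`, and with the 14-character alphabet shown the count exceeds `INT_MAX` from depth 9, well inside the permitted 1-20, so the signature should be `static size_t permute(char *dest,`. As a crash finder the harness only notices faults that kill the process and prints nothing identifying the string under test, so running it in an AddressSanitizer build would surface out-of-bounds accesses in the DN parser that do not segfault.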
>@@ -502,6 +502,11 @@ def build(bld):
> deps='ldb',
> install=False)
>
>+ bld.SAMBA_BINARY('ldb_dn_pseudo_fuzz',
>+ source='tests/ldb_dn_pseudo_fuzz.c',
>+ deps='ldb',
>+ install=False)
>+
> bld.SAMBA_BINARY('ldb_match_test',
> source='tests/ldb_match_test.c',
> deps='cmocka ldb',
>--
>2.20.1
>