From 4d3054261df3b8726a4db943b0734071ad151423 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 21 Jan 2022 20:42:45 +0100 Subject: [PATCH] blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test This actually reveals that ndr_push_string() for TargetName="" was failing before because it resulted in 1 byte for a subcontext with TargetLen=0. This is fixed now and we no longer expect ndrdump to exit with 1. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Mon Jan 24 16:18:34 UTC 2022 on sn-devel-184 (cherry picked from commit 12464bd4c222d996aac6d6250b7945d63f20f4bc) Autobuild-User(v4-16-test): Jule Anger Autobuild-Date(v4-16-test): Sun Jan 30 11:52:27 UTC 2022 on sn-devel-184 --- python/samba/tests/blackbox/ndrdump.py | 5 +- selftest/knownfail.d/blackbox.ndrdump | 1 - .../fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt | 52 +++++++++++++++++-- 3 files changed, 51 insertions(+), 7 deletions(-) delete mode 100644 selftest/knownfail.d/blackbox.ndrdump
diff --git a/python/samba/tests/blackbox/ndrdump.py b/python/samba/tests/blackbox/ndrdump.py
index 15c21bc3cda..11d9441e51a 100644
--- a/python/samba/tests/blackbox/ndrdump.py
+++ b/python/samba/tests/blackbox/ndrdump.py
@@ -499,10 +499,9 @@ dump OK
 def test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE(self):
 expected = open(self.data_path("fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt")).read().encode('utf8')
 try:
- actual = self.check_exit_code(
+ actual = self.check_output(
 "ndrdump --debug-stdout ntlmssp CHALLENGE_MESSAGE struct --validate --input " +\
- "'AAAACwIAAAAAJwIAAAAAAAcAAAAAAAAAAIAbhG8uyk9dAL0mQE73MAAAAAAAAAAA' --base64-input",
- 1)
+ "'AAAACwIAAAAAJwIAAAAAAAcAAAAAAAAAAIAbhG8uyk9dAL0mQE73MAAAAAAAAAAA' --base64-input")
 except BlackboxProcessError as e:
 self.fail(e)
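Review bot: The switch to `self.check_output(...)` in `test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE` carries no comment saying why exit status 0 is now expected, although the updated fixture still prints `WARNING! orig and validated differ at byte 0x00` before `dump OK`. A reader of this fuzz regression test cannot tell from the code that the byte mismatch is tolerated (the fuzzed blob appears to lack the `NTLMSSP` signature that the re-push writes) while the former `Subcontext Error` on the empty `TargetName` is the failure being guarded against. I would add above the `try:` a comment such as `# bug 14956: TargetName="" must push as 0 bytes into the TargetLen=0 subcontext; orig/validated still differ because the fuzzed input has no NTLMSSP signature`. Separately, `open(...).read()` on the context line never closes the fixture file; a `with open(...) as f:` block would. The rest of the test body, including the comparison of `actual` with `expected`, lies outside the hunk.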
diff --git a/selftest/knownfail.d/blackbox.ndrdump b/selftest/knownfail.d/blackbox.ndrdump
deleted file mode 100644
index 8131b070b37..00000000000
--- a/selftest/knownfail.d/blackbox.ndrdump
+++ /dev/null
@@ -1 +0,0 @@
-^samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE
diff --git a/source4/librpc/tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt b/source4/librpc/tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt
index 90879ad923e..450c6532d10 100644
--- a/source4/librpc/tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt
+++ b/source4/librpc/tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt
@@ -38,6 +38,52 @@ pull returned Success TargetInfoLen : 0x0000 (0) TargetInfoMaxLen : 0x0000 (0) TargetInfo : NULL -ndr_push_subcontext_end: ndr_push_error(Subcontext Error): Bad subcontext (PUSH) content_size 1 is larger than size_is(0) at ../../librpc/ndr/ndr.c:901 -push returned Subcontext Error -validate push FAILED +push returned Success +pull returned Success + CHALLENGE_MESSAGE: struct CHALLENGE_MESSAGE + Signature : 'NTLMSSP' + MessageType : NtLmChallenge (0x2) + TargetNameLen : 0x0000 (0) + TargetNameMaxLen : 0x0000 (0) + TargetName : * + TargetName : '' + NegotiateFlags : 0x00000000 (0) + 0: NTLMSSP_NEGOTIATE_UNICODE + 0: NTLMSSP_NEGOTIATE_OEM + 0: NTLMSSP_REQUEST_TARGET + 0: NTLMSSP_NEGOTIATE_SIGN + 0: NTLMSSP_NEGOTIATE_SEAL + 0: NTLMSSP_NEGOTIATE_DATAGRAM + 0: NTLMSSP_NEGOTIATE_LM_KEY + 0: NTLMSSP_NEGOTIATE_NETWARE + 0: NTLMSSP_NEGOTIATE_NTLM + 0: NTLMSSP_NEGOTIATE_NT_ONLY + 0: NTLMSSP_ANONYMOUS + 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED + 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED + 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL + 0: NTLMSSP_NEGOTIATE_ALWAYS_SIGN + 0: NTLMSSP_TARGET_TYPE_DOMAIN + 0: NTLMSSP_TARGET_TYPE_SERVER + 0: NTLMSSP_TARGET_TYPE_SHARE + 0: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY + 0: NTLMSSP_NEGOTIATE_IDENTIFY + 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY + 0: NTLMSSP_NEGOTIATE_TARGET_INFO + 0: NTLMSSP_NEGOTIATE_VERSION + 0: NTLMSSP_NEGOTIATE_128 + 0: NTLMSSP_NEGOTIATE_KEY_EXCH + 0: NTLMSSP_NEGOTIATE_56 + ServerChallenge : 00801b846f2eca4f + Reserved : 5d00bd26404ef730 + TargetInfoLen : 0x0000 (0) + TargetInfoMaxLen : 0x0000 (0) + TargetInfo : NULL +WARNING! orig and validated differ at byte 0x00 (0) +WARNING! orig byte[0x00] = 0x00 validated byte[0x00] = 0x4E +-[0000] 00 00 00 0B 02 00 00 00 00 27 02 00 00 00 00 00 ........ .'...... ++[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 00 00 00 00 NTLMSSP. ........ +-[0010] 07 00 00 00 00 00 00 00 00 80 1B 84 6F 2E CA 4F ........ 
....o..O ++[0010] 30 00 00 00 00 00 00 00 00 80 1B 84 6F 2E CA 4F 0....... ....o..O + [0020] 5D 00 BD 26 40 4E F7 30 00 00 00 00 00 00 00 00 ]..&@N.0 ........ +dump OK -- 2.47.3