From: Douglas Bagnall Date: Sat, 17 Oct 2020 22:59:40 +0000 (+1300) Subject: fuzz_dcerpc_parse_binding: don't leak X-Git-Tag: talloc-2.3.2~235 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=930695b04d2c3984c4e335ff25471b2432885884;p=thirdparty%2Fsamba.git fuzz_dcerpc_parse_binding: don't leak Also, by not tallocing at all in the too-long case, we can short circuit quicker. Signed-off-by: Douglas Bagnall Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Oct 20 02:26:40 UTC 2020 on sn-devel-184 --- diff --git a/lib/fuzzing/fuzz_dcerpc_parse_binding.c b/lib/fuzzing/fuzz_dcerpc_parse_binding.c index 5f1c68707ed..61df0c0670e 100644 --- a/lib/fuzzing/fuzz_dcerpc_parse_binding.c +++ b/lib/fuzzing/fuzz_dcerpc_parse_binding.c @@ -26,7 +26,7 @@ char buf[MAX_LENGTH + 1]; int LLVMFuzzerTestOneInput(uint8_t *input, size_t len) { - TALLOC_CTX *mem_ctx = talloc_new(NULL); + TALLOC_CTX *mem_ctx = NULL; struct dcerpc_binding *binding = NULL; struct dcerpc_binding *dup = NULL; struct epm_tower tower; @@ -36,9 +36,11 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len) if (len > MAX_LENGTH) { return 0; } + memcpy(buf, input, len); buf[len] = '\0'; + mem_ctx = talloc_new(NULL); status = dcerpc_parse_binding(mem_ctx, buf, &binding); if (! NT_STATUS_IS_OK(status)) {