From: Douglas Bagnall Date: Thu, 8 Oct 2020 03:22:44 +0000 (+1300) Subject: fuzz: add fuzz_cli_credentials_parse_string X-Git-Tag: talloc-2.3.2~258 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2541f67c67eda0f772bd3fd3980be20265d6186e;p=thirdparty%2Fsamba.git fuzz: add fuzz_cli_credentials_parse_string Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- diff --git a/lib/fuzzing/fuzz_cli_credentials_parse_string.c b/lib/fuzzing/fuzz_cli_credentials_parse_string.c new file mode 100644 index 00000000000..3b88109298d --- /dev/null +++ b/lib/fuzzing/fuzz_cli_credentials_parse_string.c @@ -0,0 +1,57 @@ +/* + Fuzz NMB parse_packet + Copyright (C) Catalyst IT 2020 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +#include "includes.h" +#include "auth/credentials/credentials.h" +#include "fuzzing/fuzzing.h" + +#define MAX_LENGTH (1024 * 10) +char buf[MAX_LENGTH + 1]; + +const enum credentials_obtained obtained = CRED_UNINITIALISED; + + +int LLVMFuzzerTestOneInput(uint8_t *input, size_t len) +{ + TALLOC_CTX *mem_ctx = NULL; + struct cli_credentials *credentials = NULL; + bool anon; + const char *username; + const char *domain; + + if (len > MAX_LENGTH) { + return 0; + } + + memcpy(buf, input, len); + buf[len] = '\0'; + + mem_ctx = talloc_new(NULL); + credentials = cli_credentials_init(mem_ctx); + + cli_credentials_parse_string(credentials, buf, obtained); + + anon = cli_credentials_is_anonymous(credentials); + + cli_credentials_get_ntlm_username_domain(credentials, + mem_ctx, + &username, + &domain); + + talloc_free(mem_ctx); + return 0; +} diff --git a/lib/fuzzing/wscript_build b/lib/fuzzing/wscript_build index 8bf0db000cf..1322d713d0b 100644 --- a/lib/fuzzing/wscript_build +++ b/lib/fuzzing/wscript_build @@ -77,6 +77,11 @@ bld.SAMBA_BINARY('fuzz_dcerpc_parse_binding', deps='fuzzing dcerpc afl-fuzz-main', fuzzer=True) +bld.SAMBA_BINARY('fuzz_cli_credentials_parse_string', + source='fuzz_cli_credentials_parse_string.c', + deps='fuzzing samba-credentials afl-fuzz-main', + fuzzer=True) + # The fuzz_type and fuzz_function parameters make the built # fuzzer take the same input as ndrdump and so the same that # could be sent to the client or server as the stub data.