From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 11 Feb 2021 03:28:43 +0000 (+1300)
Subject: CVE-2020-27840: pytests: move Dn.validate test to ldb
X-Git-Tag: tevent-0.11.0~1397
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9532c44baea130db74f866e1472cb871936cd3dd;p=thirdparty%2Fsamba.git

CVE-2020-27840: pytests: move Dn.validate test to ldb

We had the test in the Samba Python segfault suite because
a) the signal catching infrastructure was there, and
b) the ldb tests lack Samba's knownfail mechanism, which allowed us to
   assert the failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/lib/ldb/tests/python/crash.py b/lib/ldb/tests/python/crash.py
new file mode 100644
index 00000000000..32839814552
--- /dev/null
+++ b/lib/ldb/tests/python/crash.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python3
+#
+# Tests for crashing functions
+
+import os
+from unittest import TestCase
+import os
+import sys
+import traceback
+
+import ldb
+
+
+def segfault_detector(f):
+    def wrapper(*args, **kwargs):
+        pid = os.fork()
+        if pid == 0:
+            # child, crashing?
+            try:
+                f(*args, **kwargs)
+            except Exception as e:
+                traceback.print_exc()
+            sys.stderr.flush()
+            sys.stdout.flush()
+            os._exit(0)
+
+        # parent, waiting
+        pid2, status = os.waitpid(pid, 0)
+        if os.WIFSIGNALED(status):
+            signal = os.WTERMSIG(status)
+            raise AssertionError("Failed with signal %d" % signal)
+
+    return wrapper
+
+
+class LdbDnCrashTests(TestCase):
+    @segfault_detector
+    def test_ldb_dn_explode_crash(self):
+        for i in range(106, 150):
+            dn = ldb.Dn(ldb.Ldb(), "a=b%s,c= " % (' ' * i))
+            dn.validate()
+
+if __name__ == '__main__':
+    import unittest
+    unittest.TestProgram()
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index f374f64aeab..32a1a2e0ec0 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -614,6 +614,7 @@ def test(ctx):
         os.mkdir(tmp_dir)
     pyret = samba_utils.RUN_PYTHON_TESTS(
         ['tests/python/api.py',
+         'tests/python/crash.py',
          'tests/python/index.py',
          'tests/python/repack.py'],
         extra_env={'SELFTEST_PREFIX': test_prefix})
diff --git a/python/samba/tests/segfault.py b/python/samba/tests/segfault.py
index cf450a4a1aa..c6e17ed6ead 100644
--- a/python/samba/tests/segfault.py
+++ b/python/samba/tests/segfault.py
@@ -184,9 +184,3 @@ class SegfaultTests(samba.tests.TestCase):
     def test_dcerpc_idl_inline_arrays(self):
         """Inline arrays were incorrectly handled."""
         dnsserver.DNS_RPC_SERVER_INFO_DOTNET().pExtensions
-
-    @segfault_detector
-    def test_ldb_dn_explode_crash(self):
-        for i in range(106, 550, 5):
-            dn = ldb.Dn(ldb.Ldb(), "a=b%s,c= " % (' ' * i))
-            dn.validate()