author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2020-01-10 12:35:30 +1300 |
---|---|---|
committer | Gary Lockyer <gary@samba.org> | 2020-01-15 19:58:41 +0000 |
commit | 13bd82db64be827c3472255531ee79501f07f129 (patch) | |
tree | c8977dc828d6dc72d861f5d0dfd79e071918e9a0 /lib/fuzzing/fuzz_ldb_dn_explode.c | |
parent | 79460b1b9f3452d6d68014b84f4a9dc3988bd916 (diff) | |
fuzz: ldb_dn parsing
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'lib/fuzzing/fuzz_ldb_dn_explode.c')
-rw-r--r-- | lib/fuzzing/fuzz_ldb_dn_explode.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/lib/fuzzing/fuzz_ldb_dn_explode.c b/lib/fuzzing/fuzz_ldb_dn_explode.c
new file mode 100644
index 00000000000..dade67567cb
--- /dev/null
+++ b/lib/fuzzing/fuzz_ldb_dn_explode.c
@@ -0,0 +1,44 @@
+/*
+ Fuzzing ldb_parse_control_from_string
+ Copyright (C) Catalyst IT 2020
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "includes.h"
+#include "fuzzing/fuzzing.h"
+#include "ldb.h"
+
+
+#define MAX_LENGTH (2 * 1024 * 1024 - 1)
+char buf[MAX_LENGTH + 1] = {0};
+
+int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+{
+ struct ldb_dn *dn = NULL;
+ struct ldb_context *ldb = ldb_init(NULL, NULL);
+ /*
+ * We copy the buffer in order to NUL-terminate, because running off
+ * the end of the string would be an uninteresting crash.
+ */
+ if (len > MAX_LENGTH) {
+ len = MAX_LENGTH;
+ }
+ memcpy(buf, input, len);
+ buf[len] = 0;
+
+ dn = ldb_dn_new(ldb, ldb, buf);
+ ldb_dn_validate(dn);
+ TALLOC_FREE(ldb);
+ return 0;
+}
 |
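Review bot: The context returned by `ldb_init(NULL, NULL)` in `LLVMFuzzerTestOneInput` is passed to `ldb_dn_new()` and `ldb_dn_validate()` without a NULL check, so an allocation failure under a fuzzer memory limit is handled only by whatever NULL tolerance those callees have, which is not visible in this hunk. Adding `if (ldb == NULL) { return 0; }` right after the init keeps such a run from being reported as a parser crash. The file header comment says `Fuzzing ldb_parse_control_from_string`, but the harness exercises DN parsing, so it should read something like `Fuzzing ldb_dn_new and ldb_dn_validate`. `buf` is a 2 MiB file-scope array with external linkage; `static char buf[MAX_LENGTH + 1];` would keep the symbol private to the harness. The existing comment could also note that inputs longer than MAX_LENGTH are silently truncated and that, presumably, bytes after an embedded NUL never reach the parser because `buf` is passed as a C string.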