diff options
author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2020-10-08 16:22:44 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2020-10-16 04:45:40 +0000 |
commit | 2541f67c67eda0f772bd3fd3980be20265d6186e (patch) | |
tree | 98ce85f7dc3eaf996b0900c59d37564ab1401347 /lib/fuzzing | |
parent | e721dfc833a84a83158bee1182336b2502a9a57d (diff) | |
download | samba-2541f67c67eda0f772bd3fd3980be20265d6186e.tar.gz |
fuzz: add fuzz_cli_credentials_parse_string
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/fuzzing')
-rw-r--r-- | lib/fuzzing/fuzz_cli_credentials_parse_string.c | 57 | ||||
-rw-r--r-- | lib/fuzzing/wscript_build | 5 |
2 files changed, 62 insertions, 0 deletions
diff --git a/lib/fuzzing/fuzz_cli_credentials_parse_string.c b/lib/fuzzing/fuzz_cli_credentials_parse_string.c new file mode 100644 index 00000000000..3b88109298d --- /dev/null +++ b/lib/fuzzing/fuzz_cli_credentials_parse_string.c @@ -0,0 +1,57 @@ +/* + Fuzz NMB parse_packet + Copyright (C) Catalyst IT 2020 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ +#include "includes.h" +#include "auth/credentials/credentials.h" +#include "fuzzing/fuzzing.h" + +#define MAX_LENGTH (1024 * 10) +char buf[MAX_LENGTH + 1]; + +const enum credentials_obtained obtained = CRED_UNINITIALISED; + + +int LLVMFuzzerTestOneInput(uint8_t *input, size_t len) +{ + TALLOC_CTX *mem_ctx = NULL; + struct cli_credentials *credentials = NULL; + bool anon; + const char *username; + const char *domain; + + if (len > MAX_LENGTH) { + return 0; + } + + memcpy(buf, input, len); + buf[len] = '\0'; + + mem_ctx = talloc_new(NULL); + credentials = cli_credentials_init(mem_ctx); + + cli_credentials_parse_string(credentials, buf, obtained); + + anon = cli_credentials_is_anonymous(credentials); + + cli_credentials_get_ntlm_username_domain(credentials, + mem_ctx, + &username, + &domain); + + talloc_free(mem_ctx); + return 0; +} diff --git a/lib/fuzzing/wscript_build b/lib/fuzzing/wscript_build index 8bf0db000cf..1322d713d0b 100644 --- a/lib/fuzzing/wscript_build +++ b/lib/fuzzing/wscript_build @@ -77,6 +77,11 @@ bld.SAMBA_BINARY('fuzz_dcerpc_parse_binding', deps='fuzzing dcerpc afl-fuzz-main', fuzzer=True) +bld.SAMBA_BINARY('fuzz_cli_credentials_parse_string', + source='fuzz_cli_credentials_parse_string.c', + deps='fuzzing samba-credentials afl-fuzz-main', + fuzzer=True) + # The fuzz_type and fuzz_function parameters make the built # fuzzer take the same input as ndrdump and so the same that # could be sent to the client or server as the stub data. |