author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2020-10-18 11:59:40 +1300 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2020-10-20 02:26:40 +0000 |
commit | 930695b04d2c3984c4e335ff25471b2432885884 (patch) | |
tree | 0f45162d5d0a1f1383a3af29b2591a51903853aa /lib/fuzzing | |
parent | 67c437bf11caf6b9ec1ead62fbc5ba0f0f10d77a (diff) | |
fuzz_dcerpc_parse_binding: don't leak
Also, by not tallocing at all in the too-long case, we can short
circuit quicker.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 20 02:26:40 UTC 2020 on sn-devel-184
Diffstat (limited to 'lib/fuzzing')
-rw-r--r-- | lib/fuzzing/fuzz_dcerpc_parse_binding.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/fuzzing/fuzz_dcerpc_parse_binding.c b/lib/fuzzing/fuzz_dcerpc_parse_binding.c
index 5f1c68707ed..61df0c0670e 100644
--- a/lib/fuzzing/fuzz_dcerpc_parse_binding.c
+++ b/lib/fuzzing/fuzz_dcerpc_parse_binding.c
@@ -26,7 +26,7 @@ char buf[MAX_LENGTH + 1];
 int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 {
- TALLOC_CTX *mem_ctx = talloc_new(NULL);
+ TALLOC_CTX *mem_ctx = NULL;
 struct dcerpc_binding *binding = NULL;
 struct dcerpc_binding *dup = NULL;
 struct epm_tower tower;
@@ -36,9 +36,11 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 if (len > MAX_LENGTH) {
 return 0;
 }
+ memcpy(buf, input, len);
 buf[len] = '\0';
+ mem_ctx = talloc_new(NULL);
 status = dcerpc_parse_binding(mem_ctx, buf, &binding);
 if (! NT_STATUS_IS_OK(status)) { |
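Review bot: In the second hunk the relocated `mem_ctx = talloc_new(NULL);` is passed to `dcerpc_parse_binding()` without a NULL check. If the allocation fails the parser receives a NULL context, and since talloc treats a NULL parent as a top-level context, whatever it allocates would presumably not be released by the harness's later cleanup, which is the kind of leak this commit removes for the over-length path. I would add `if (mem_ctx == NULL) { return 0; }` directly after the allocation. The `if (! NT_STATUS_IS_OK(status)) {` branch and the rest of the function lie outside the hunk, so it is worth confirming that every exit after this point frees `mem_ctx`; per-iteration leaks in a fuzz target surface as out-of-memory reports that bury real findings.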