diff options
author | Gary Lockyer <gary@catalyst.net.nz> | 2020-04-03 12:18:03 +1300 |
---|---|---|
committer | Gary Lockyer <gary@samba.org> | 2020-05-04 02:59:31 +0000 |
commit | f467727db5ff6a6e58d9b590e4d443a1d974b679 (patch) | |
tree | 9269acc0655bcfee4676215c85f8c2ad79ef2744 /lib/fuzzing | |
parent | 62621bd686a91328ae378cd56f9876c66be8eac4 (diff) | |
download | samba-f467727db5ff6a6e58d9b590e4d443a1d974b679.tar.gz |
CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth
Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/fuzzing')
-rw-r--r-- | lib/fuzzing/fuzz_ldap_decode.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/fuzzing/fuzz_ldap_decode.c b/lib/fuzzing/fuzz_ldap_decode.c index 659169aca96..d89ba637061 100644 --- a/lib/fuzzing/fuzz_ldap_decode.c +++ b/lib/fuzzing/fuzz_ldap_decode.c @@ -34,7 +34,11 @@ int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) struct ldap_message *ldap_msg; NTSTATUS status; - asn1 = asn1_init(mem_ctx); + /* + * Need to limit the max parse tree depth to 250 to prevent + * ASAN detecting stack overflows. + */ + asn1 = asn1_init(mem_ctx, 250); if (!asn1) { goto out; } |