authorGary Lockyer <gary@catalyst.net.nz>2020-04-03 12:18:03 +1300
committerGary Lockyer <gary@samba.org>2020-05-04 02:59:31 +0000
commitf467727db5ff6a6e58d9b590e4d443a1d974b679 (patch)
tree9269acc0655bcfee4676215c85f8c2ad79ef2744 /lib/fuzzing
parent62621bd686a91328ae378cd56f9876c66be8eac4 (diff)
downloadsamba-f467727db5ff6a6e58d9b590e4d443a1d974b679.tar.gz
CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth
Add maximum parse tree depth to the call to asn1_init, which will be used to limit the depth of the ASN.1 parse tree. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/fuzzing')
-rw-r--r--lib/fuzzing/fuzz_ldap_decode.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/fuzzing/fuzz_ldap_decode.c b/lib/fuzzing/fuzz_ldap_decode.c
index 659169aca96..d89ba637061 100644
--- a/lib/fuzzing/fuzz_ldap_decode.c
+++ b/lib/fuzzing/fuzz_ldap_decode.c
@@ -34,7 +34,11 @@ int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
struct ldap_message *ldap_msg;
NTSTATUS status;
- asn1 = asn1_init(mem_ctx);
+ /*
+ * Need to limit the max parse tree depth to 250 to prevent
+ * ASAN detecting stack overflows.
+ */
+ asn1 = asn1_init(mem_ctx, 250);
if (!asn1) {
goto out;
}
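Review bot: The depth in `asn1_init(mem_ctx, 250)` is a bare literal, and its comment justifies it only by ASAN's stack behaviour, not by the limit the real LDAP decoding paths enforce. The non-fuzzing callers are not visible here (the diffstat is limited to lib/fuzzing), but if they pass a larger depth, nesting between 250 and that value would be accepted in production and never reached by this harness, leaving stack use at those depths unexercised. I would extend the comment to record that relationship, for example `* 250 is a harness-only limit sized for the ASAN stack; keep it in step with (or document why it differs from) the depth the LDAP server passes.` The body of LLVMFuzzerTestOneInput starts above this hunk and continues past it.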