author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2020-01-10 17:33:03 +1300 |
---|---|---|
committer | Gary Lockyer <gary@samba.org> | 2020-01-15 19:58:41 +0000 |
commit | f4bafcca863f1f11b07dfec960495a84184f2317 (patch) | |
tree | 3fe6af1c4682e75cfba1d9884ba4931e1215ff51 /lib/fuzzing | |
parent | da4786003fef39737734e1a5cbf752442f7793b1 (diff) | |
download | samba-f4bafcca863f1f11b07dfec960495a84184f2317.tar.gz |
fuzz: ldb binary decode/enode
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'lib/fuzzing')
-rw-r--r-- | lib/fuzzing/fuzz_ldb_parse_binary_decode.c | 49 | ||||
-rw-r--r-- | lib/fuzzing/wscript_build | 5 |
2 files changed, 54 insertions, 0 deletions
diff --git a/lib/fuzzing/fuzz_ldb_parse_binary_decode.c b/lib/fuzzing/fuzz_ldb_parse_binary_decode.c
new file mode 100644
index 00000000000..6b79a34a027
--- /dev/null
+++ b/lib/fuzzing/fuzz_ldb_parse_binary_decode.c
@@ -0,0 +1,49 @@
+/*
+ Fuzzing ldb_parse_control_from_string
+ Copyright (C) Catalyst IT 2020
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "includes.h"
+#include "fuzzing/fuzzing.h"
+#include "ldb_private.h"
+
+
+#define MAX_LENGTH (2 * 1024 * 1024 - 1)
+char buf[MAX_LENGTH + 1] = {0};
+
+static char * possibly_truncate(uint8_t *input, size_t len)
+{
+ if (len > MAX_LENGTH) {
+ len = MAX_LENGTH;
+ }
+ memcpy(buf, input, len);
+ buf[len] = 0;
+ return buf;
+}
+
+
+int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+{
+ TALLOC_CTX *mem_ctx = talloc_init(__FUNCTION__);
+ struct ldb_val val = {0};
+ const char *s = possibly_truncate(input, len);
+
+ /* we treat the same string to encoding and decoding, not
+ * round-tripping. */
+ val = ldb_binary_decode(mem_ctx, s);
+ ldb_binary_encode_string(mem_ctx, s);
+ TALLOC_FREE(mem_ctx);
+ return 0;
+}
diff --git a/lib/fuzzing/wscript_build b/lib/fuzzing/wscript_build
index b5d699e4dcd..68a1f5ca234 100644
--- a/lib/fuzzing/wscript_build
+++ b/lib/fuzzing/wscript_build
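Review bot: In fuzz_ldb_parse_binary_decode.c, `possibly_truncate()` copies every input into the 2 MiB file-scope `buf`, so a read past the terminating NUL inside `ldb_binary_decode()` or `ldb_binary_encode_string()` still lands in valid memory and AddressSanitizer would most likely not report it. The bytes behind the terminator are also left over from earlier, longer inputs, which makes a finding depend on run history. An exact-sized copy per call puts the redzone directly behind the string, e.g. `char *s = talloc_strndup(mem_ctx, (const char *)input, len > MAX_LENGTH ? MAX_LENGTH : len);` followed by a NULL check; `talloc_init()` is likewise unchecked. Separately, the file header says `Fuzzing ldb_parse_control_from_string` but should name `ldb_binary_decode`/`ldb_binary_encode_string`, and `val` is assigned but never read.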
@@ -57,6 +57,11 @@ bld.SAMBA_BINARY('fuzz_ldb_ldif_read', deps='fuzzing ldb afl-fuzz-main', fuzzer=True) +bld.SAMBA_BINARY('fuzz_ldb_parse_binary_decode', + source='fuzz_ldb_parse_binary_decode.c', + deps='fuzzing ldb afl-fuzz-main', + fuzzer=True) + bld.SAMBA_BINARY('fuzz_ldb_parse_tree', source='fuzz_ldb_parse_tree.c', deps='fuzzing ldb afl-fuzz-main', |