author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2019-10-31 16:28:28 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-12-10 07:50:28 +0000 |
commit | 7b265830ad6796dbbe721f7abfd62a19c2185b65 (patch) | |
tree | 86dea325c0e73ef5765b6768a1a8bfade35602d2 /pidl | |
parent | ef5d79e24ba8aec226419e594de0cf91c24d7fc4 (diff) | |
lib/fuzzing: add fuzz_ndr_X
This NDR fuzzer links with each "interface" in the IDL files to
create a single binary. This tries to match what the fuzzing
engines desire.
It started as a copy of ndrdump but very little of that remains
in place.
The fancy build rules try to avoid needing a lot of boilerplate
in the wscript_build files and ensure new fuzzers are generated
and run when new IDL is added automatically.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'pidl')
-rw-r--r-- | pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
index 94428ec2037..91b5f942994 100644
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
@@ -2604,6 +2604,31 @@ sub ParseFunctionPull($$)
 $self->pidl("if (flags & NDR_OUT) {");
 $self->indent;
+ $self->pidl("#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION");
+
+ # This for fuzzers of ndr_pull where the out elements refer to
+ # in elements in size_is or length_is.
+ #
+ # Not actually very harmful but also not useful outsie a fuzzer
+ foreach my $e (@{$fn->{ELEMENTS}}) {
+ next unless (grep(/in/, @{$e->{DIRECTION}}));
+ next unless ($e->{LEVELS}[0]->{TYPE} eq "POINTER" and
+ $e->{LEVELS}[0]->{POINTER_TYPE} eq "ref");
+ next if (($e->{LEVELS}[1]->{TYPE} eq "DATA") and
+ ($e->{LEVELS}[1]->{DATA_TYPE} eq "string"));
+ next if ($e->{LEVELS}[1]->{TYPE} eq "PIPE");
+ next if ($e->{LEVELS}[1]->{TYPE} eq "ARRAY");
+
+ $self->pidl("if (r->in.$e->{NAME} == NULL) {");
+ $self->indent;
+ $self->pidl("NDR_PULL_ALLOC($ndr, r->in.$e->{NAME});");
+ $self->pidl("NDR_ZERO_STRUCTP(r->in.$e->{NAME});");
+ $self->deindent;
+ $self->pidl("}");
+ }
+
+ $self->pidl("#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */");
+
 $env = GenerateFunctionOutEnv($fn);
 foreach my $e (@{$fn->{ELEMENTS}}) {
 next unless grep(/out/, @{$e->{DIRECTION}}); |
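Review bot: The generated `NDR_PULL_ALLOC` plus `NDR_ZERO_STRUCTP` block means every `[in,ref]` field that an `out`-side `size_is`/`length_is` refers to is zero-filled when the fuzzer pulls `NDR_OUT` without a prior `NDR_IN`, so presumably the out-side bounds that derive from those fields are only ever exercised with a value of 0 — a coverage limitation the `# Not actually very harmful` comment (which also misspells "outside") does not state, and one that matters because the in-dependent length checks are exactly where pull-side overflows tend to live. I would replace that comment block with something that names what is being masked and why it must stay fuzz-only, e.g. `# Fuzz builds only: a real caller fills r->in before pulling NDR_OUT, so a NULL [in,ref] pointer here is a harness artefact rather than a bug to report. Allocating and zeroing it avoids a NULL dereference, at the cost that out-side size_is/length_is referring to these fields only ever see 0.` The `$ndr` interpolated into the `NDR_PULL_ALLOC` line is not declared within the hunk; `ParseFunctionPull` begins and ends outside it, so this relies on the sub's existing variable of that name.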