From bcffdc9a895c8aa572819ddd4fca451038990402 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 4 Dec 2019 16:56:44 +1300
Subject: selftest: Add test for ndr_size_struct() faulting on a NULL pointer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876
Signed-off-by: Andrew Bartlett
Reviewed-by: Gary Lockyer
---
.../tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt | 43 ++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 source4/librpc/tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt
(limited to 'source4')
diff --git a/source4/librpc/tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt b/source4/librpc/tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt
new file mode 100644
index 00000000000..f489979d173
--- /dev/null
+++ b/source4/librpc/tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt
@@ -0,0 +1,43 @@
+pull returned Success
+ CHALLENGE_MESSAGE: struct CHALLENGE_MESSAGE
+ Signature : ''
+ MessageType : UNKNOWN_ENUM_VALUE (0x22700)
+ TargetNameLen : 0x0000 (0)
+ TargetNameMaxLen : 0x0000 (0)
+ TargetName : *
+ TargetName : ''
+ NegotiateFlags : 0x00000000 (0)
+ 0: NTLMSSP_NEGOTIATE_UNICODE
+ 0: NTLMSSP_NEGOTIATE_OEM
+ 0: NTLMSSP_REQUEST_TARGET
+ 0: NTLMSSP_NEGOTIATE_SIGN
+ 0: NTLMSSP_NEGOTIATE_SEAL
+ 0: NTLMSSP_NEGOTIATE_DATAGRAM
+ 0: NTLMSSP_NEGOTIATE_LM_KEY
+ 0: NTLMSSP_NEGOTIATE_NETWARE
+ 0: NTLMSSP_NEGOTIATE_NTLM
+ 0: NTLMSSP_NEGOTIATE_NT_ONLY
+ 0: NTLMSSP_ANONYMOUS
+ 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
+ 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
+ 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
+ 0: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
+ 0: NTLMSSP_TARGET_TYPE_DOMAIN
+ 0: NTLMSSP_TARGET_TYPE_SERVER
+ 0: NTLMSSP_TARGET_TYPE_SHARE
+ 0: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
+ 0: NTLMSSP_NEGOTIATE_IDENTIFY
+ 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
+ 0: NTLMSSP_NEGOTIATE_TARGET_INFO
+ 0: NTLMSSP_NEGOTIATE_VERSION
+ 0: NTLMSSP_NEGOTIATE_128
+ 0: NTLMSSP_NEGOTIATE_KEY_EXCH
+ 0: NTLMSSP_NEGOTIATE_56
+ ServerChallenge : 00801b846f2eca4f
+ Reserved : 5d00bd26404ef730
+ TargetInfoLen : 0x0000 (0)
+ TargetInfoMaxLen : 0x0000 (0)
+ TargetInfo : NULL
+ndr_push_subcontext_end: ndr_push_error(Subcontext Error): Bad subcontext (PUSH) content_size 1 is larger than size_is(0) at ../../librpc/ndr/ndr.c:905
+push returned Subcontext Error
+validate push FAILED
-- cgit v1.2.1
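Review bot: The expected output pins a source location, `at ../../librpc/ndr/ndr.c:905`, in the `ndr_push_subcontext_end` line near the end of the fixture. If the harness compares this file verbatim (the comparison code is not part of this patch), any edit that shifts lines in ndr.c, or a build tree with a different relative path, will fail the test for reasons unrelated to the NULL-pointer fault in ndr_size_struct(). Consider matching only the stable part of that line, up to `content_size 1 is larger than size_is(0)`, or normalising the `at <file>:<line>` suffix before comparing. It would also help to state in the commit message or next to the test that `push returned Subcontext Error` / `validate push FAILED` is the intended graceful outcome for this fuzzed input rather than a crash, since the fixture alone does not say which lines are the regression signal.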