The branch, master has been updated
       via  6c7b722b3fa fuzz_oLschema2ldif: check multiple possible NULLs
       via  6786ec2c963 fuzzing: check for NULL on ldb_init()
      from  75367e4b067 librpc: add clusapi_GroupSetControlCode enum

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6c7b722b3fa3d6383a22fb517d3cb5572115c365
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Fri Jan 17 10:19:32 2020 +1300

    fuzz_oLschema2ldif: check multiple possible NULLs
    
    Address sanitizer will object to a theoretically possible NULL dereference
    so we can't ignore these checks in set-up.
    
    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    
    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Fri Jan 17 14:33:18 UTC 2020 on sn-devel-184

commit 6786ec2c9638f13efed8cba156e174644804a61e
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Fri Jan 17 09:59:26 2020 +1300

    fuzzing: check for NULL on ldb_init()
    
    We simply return 0 because failure here is not a problem with the code we
    are actually trying to fuzz. Without this asan is unhappy.
    
    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andreas Schneider <a...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/fuzzing/fuzz_ldb_dn_explode.c    |  3 +++
 lib/fuzzing/fuzz_ldb_ldif_read.c     |  5 ++++-
 lib/fuzzing/fuzz_ldb_parse_control.c |  5 ++++-
 lib/fuzzing/fuzz_oLschema2ldif.c     | 11 +++++++++++
 4 files changed, 22 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/fuzzing/fuzz_ldb_dn_explode.c b/lib/fuzzing/fuzz_ldb_dn_explode.c
index dade67567cb..29747178e3e 100644
--- a/lib/fuzzing/fuzz_ldb_dn_explode.c
+++ b/lib/fuzzing/fuzz_ldb_dn_explode.c
@@ -27,6 +27,9 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 {
        struct ldb_dn *dn = NULL;
        struct ldb_context *ldb = ldb_init(NULL, NULL);
+       if (ldb == NULL) {
+               return 0;
+       }
        /*
         * We copy the buffer in order to NUL-terminate, because running off
         *  the end of the string would be an uninteresting crash.
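Review bot: The added `if (ldb == NULL) { return 0; }` makes a set-up failure look the same to the fuzzing engine as a cleanly processed input, so if ldb_init() failed on every call the harness would run without ever reaching the parser and nothing would report it. The same check is added in fuzz_ldb_ldif_read.c and fuzz_ldb_parse_control.c. A short comment on the check would record the intent, for example `/* set-up failure, not a finding: the target below is not exercised for this input */`. If the context does not need to be fresh per input, creating it once in `LLVMFuzzerInitialize()` and failing loudly there would avoid the silent case. The function body continues outside the hunk, so whether `ldb` is released on each call is not visible here.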
diff --git a/lib/fuzzing/fuzz_ldb_ldif_read.c b/lib/fuzzing/fuzz_ldb_ldif_read.c
index f2c46bc9beb..4eee1701836 100644
--- a/lib/fuzzing/fuzz_ldb_ldif_read.c
+++ b/lib/fuzzing/fuzz_ldb_ldif_read.c
@@ -26,8 +26,11 @@ char buf[MAX_LENGTH + 1] = {0};
 int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 {
        struct ldb_ldif *ldif = NULL;
-       struct ldb_context *ldb = ldb_init(NULL, NULL);
        const char *s = NULL;
+       struct ldb_context *ldb = ldb_init(NULL, NULL);
+       if (ldb == NULL) {
+               return 0;
+       }
        
        if (len > MAX_LENGTH) {
                len = MAX_LENGTH;
diff --git a/lib/fuzzing/fuzz_ldb_parse_control.c b/lib/fuzzing/fuzz_ldb_parse_control.c
index bd3fda87fdb..98af24a8000 100644
--- a/lib/fuzzing/fuzz_ldb_parse_control.c
+++ b/lib/fuzzing/fuzz_ldb_parse_control.c
@@ -27,8 +27,11 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 {
        struct ldb_control *control = NULL;
        struct ldb_context *ldb = ldb_init(NULL, NULL);
+       if (ldb == NULL) {
+               return 0;
+       }
        /*
-        * We copy the buffer in order to NUL-teminate, because running off
+        * We copy the buffer in order to NUL-terminate, because running off
         *  the end of the string would be an uninteresting crash.
         */
        if (len > MAX_LENGTH) {
diff --git a/lib/fuzzing/fuzz_oLschema2ldif.c b/lib/fuzzing/fuzz_oLschema2ldif.c
index a983f48d660..873e8f1ccc7 100644
--- a/lib/fuzzing/fuzz_oLschema2ldif.c
+++ b/lib/fuzzing/fuzz_oLschema2ldif.c
@@ -43,12 +43,23 @@ int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
        }
 
        mem_ctx = talloc_init(__FUNCTION__);
+       if (mem_ctx == NULL) {
+               return 0;
+       }
 
        opt.in = fmemopen(buf, len, "r");
        opt.out = devnull;
        opt.ldb_ctx = ldb_init(mem_ctx, NULL);
+       if (opt.ldb_ctx == NULL || opt.in == NULL) {
+               talloc_free(mem_ctx);
+               return 0;
+       }
 
        opt.basedn = ldb_dn_new(mem_ctx, opt.ldb_ctx, "");
+       if (opt.basedn == NULL) {
+               talloc_free(mem_ctx);
+               return 0;
+       }
 
        process_file(mem_ctx, &opt);
 
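Review bot: Both new early returns free `mem_ctx` but leave the stream returned by `fmemopen()` open. When `ldb_init()` or `ldb_dn_new()` fails while `opt.in` is non-NULL, the `FILE` is not part of the talloc tree, so `talloc_free(mem_ctx)` does not release it. In a harness that runs once per input this can surface as a LeakSanitizer report or as heap growth under the same low-memory conditions these checks guard against. Adding `if (opt.in != NULL) { fclose(opt.in); }` before the first `talloc_free(mem_ctx)` and `fclose(opt.in);` before the second would close it. The function continues past the hunk, so whether the normal path after `process_file()` closes `opt.in` is not visible here.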


-- 
Samba Shared Repository
