samba.git/lib/fuzzing/wscript_build, branch talloc-2.4.2 Unnamed repository; edit this file 'description' to name the repository. lib/fuzzing: Fix code spelling 2023-12-08T02:28:33+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-11-27T06:41:13+00:00 ac86015041337e3547369f7d93ee41825fff1d6e Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/fuzzing: fuzz_conditional_ace_blob 2023-09-26T23:45:35+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-06-29T03:15:08+00:00 ea4caa45ab3c76c47b965df913e1286367a0d07f This parses the blob as a conditional ACE, and if possible tries decompiling it into SDDL. There are not many round-trip assertions we can honestly make, but we keep the trip going as long as possible, in case it reveals anything. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This parses the blob as a conditional ACE, and if possible tries
decompiling it into SDDL.

There are not many round-trip assertions we can honestly make, but we
keep the trip going as long as possible, in case it reveals anything.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
fuzz: add fuzzer for ldb_comparison_fold 2023-08-08T04:39:39+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2021-03-05T23:40:17+00:00 17e35c269141bcefbe31ff8be0c343b6b13165f9 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
fuzz: add fuzzer for sess_crypt_blob 2023-08-08T04:39:39+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2020-12-18T04:56:29+00:00 019bee54c6b3521daef72b266b69c9c40a8fd278 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
librpc/idl: Remove DCOM and WMI IDL 2023-07-28T10:48:32+00:00 Andrew Bartlett abartlet@samba.org 2023-07-26T20:06:48+00:00 e36a4149d80f08f84e1c4c5e35ca54937151927c As hinted in f2416493c0c779356606aebf0aceca8fa416b55c the DCOM and WMI IDL is now unused. These generate code with PIDL, costing a small amount of build time but more importantly are fuzzed, which costs an ongoing amount of CPU time as oss-fuzz tries to find parsing issues. We do not need to continue this waste, and these can be restored if this effort is ever to start again. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
As hinted in f2416493c0c779356606aebf0aceca8fa416b55c the DCOM and WMI
IDL is now unused.  These generate code with PIDL, costing a small
amount of build time but more importantly are fuzzed, which costs an
ongoing amount of CPU time as oss-fuzz tries to find parsing issues.

We do not need to continue this waste, and these can be restored
if this effort is ever to start again.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
lib/fuzzing: adapt fuzz_sddl_access_check for AD variant 2023-07-19T03:31:30+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-07-17T20:56:40+00:00 9ea606dad1147734c1877dd054dc769c4df4e005 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/fuzzing: adapt fuzz_security_token_vs_descriptor for AD variant 2023-07-19T03:31:30+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-07-17T04:20:58+00:00 89b02bad3e2db7a9a3aceed7122c1d680cef728d This of course doesn't exercise the object tree or default SID code, but it still covers a lot to the *_ds access_check functions. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This of course doesn't exercise the object tree or default SID code,
but it still covers a lot to the *_ds access_check functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/fuzzing: add fuzzer for arbitrary token/sd access checks 2023-07-19T03:31:30+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-07-15T10:49:22+00:00 eb2bed3899b12ba90050d9530f4909175954b147 The token and descriptor are stored in NDR format; for this purpose we add a new IDL struct containing this pair (along with a desired access mask). An upcoming commit will show how to collect seeds for this fuzzer. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
The token and descriptor are stored in NDR format; for this purpose we
add a new IDL struct containing this pair (along with a desired access
mask).

An upcoming commit will show how to collect seeds for this fuzzer.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/fuzzing: add fuzz_sddl_access_check 2023-07-19T03:31:30+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-07-12T01:03:53+00:00 5ad28bd76053fcbed5b1833c096c5623e7e34464 This fuzzer parses SDDL into a security descriptor and runs an access check on it using a known security token. This is purely for crash detection -- we don't know enough to assert whether the check should succeed or not. The seed strings used are compatible with those of fuzz_sddl_parse -- anything found by fuzz_sddl_parse is worth trying as a seed here, and vice versa. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This fuzzer parses SDDL into a security descriptor and runs an access
check on it using a known security token. This is purely for crash
detection -- we don't know enough to assert whether the check should
succeed or not.

The seed strings used are compatible with those of fuzz_sddl_parse --
anything found by fuzz_sddl_parse is worth trying as a seed here, and
vice versa.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/fuzzing: add fuzzer for sddl_parse 2023-04-28T02:15:36+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2020-12-18T04:58:56+00:00 9ab0d65fc0e0b52a7c24c2ca0d2b951a83e40acd Apart from catching crashes in the actual parsing, we abort if the SD we end up with will not round trip back through SDDL to an identical SD. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Apart from catching crashes in the actual parsing, we abort if the SD
we end up with will not round trip back through SDDL to an identical
SD.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>