samba.git/lib/fuzzing, branch talloc-2.4.2 Unnamed repository; edit this file 'description' to name the repository. fuzz: allow max size conditional ACE round-trip failure 2023-12-22T00:51:13+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-12-20T01:26:00+00:00 b4563a24904e823497552f6e4ef77e8041f2cc5d The encoder, being cautious not to overstep the arbitrary 10000 byte boundary, might not encode an exactly 10000 byte condition. This is an off-by-one, but in the safe direction. Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65118 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Dec 22 00:51:13 UTC 2023 on atb-devel-224 
The encoder, being cautious not to overstep the arbitrary 10000 byte
boundary, might not encode an exactly 10000 byte condition. This
is an off-by-one, but in the safe direction.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65118

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 22 00:51:13 UTC 2023 on atb-devel-224
lib/fuzzing: Fix code spelling 2023-12-08T02:28:33+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-11-27T06:41:13+00:00 ac86015041337e3547369f7d93ee41825fff1d6e Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: Optionally disallow device‐specific attributes and operators where they are not applicable 2023-11-09T08:00:30+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-11-03T01:57:02+00:00 935f4edd81f8115c390daa8f35c35dda64e99cfb Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
librpc:ndr: Introduce ‘ndr_flags_type’ type 2023-11-01T20:10:45+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-10-27T01:41:17+00:00 a396b705c8a8f3f0e10a925349034dd513cbc7dc Instead of ‘int’ or ‘uint32_t’, neither of which convey much meaning, consistently use a newly added type to hold NDR_ flags. Update the NDR 4.0.0 ABI. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Instead of ‘int’ or ‘uint32_t’, neither of which convey much meaning,
consistently use a newly added type to hold NDR_ flags.

Update the NDR 4.0.0 ABI.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
librpc:ndr: Introduce ‘libndr_flags’ type 2023-11-01T20:10:45+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-07-10T03:47:03+00:00 c4f281e9ae36c225b6003e0fa1cb8fb2e67bf543 The LIBNDR_FLAG_ namespace is getting dangerously full, with only a single flag value (1 << 9) remaining for use. After that flag is put into use, we won’t be able to add any new flags without increasing the flag width to 64‐bit. Up to now we’ve used a haphazard mix of int, unsigned, and uint32_t to store these flags. Introduce a new type, ‘libndr_flags’, to be used consistently to hold LIBNDR flags. If in the future we find we need to move to 64‐bit flags, this type gives us an opportunity to do that. Bump the NDR version to 4.0.0 — an major version increment, for we’re changing the function ABI and adding the new symbol ndr_print_libndr_flags. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
The LIBNDR_FLAG_ namespace is getting dangerously full, with only a
single flag value (1 << 9) remaining for use. After that flag is put
into use, we won’t be able to add any new flags without increasing the
flag width to 64‐bit.

Up to now we’ve used a haphazard mix of int, unsigned, and uint32_t to
store these flags. Introduce a new type, ‘libndr_flags’, to be used
consistently to hold LIBNDR flags. If in the future we find we need to
move to 64‐bit flags, this type gives us an opportunity to do that.

Bump the NDR version to 4.0.0 — an major version increment, for we’re
changing the function ABI and adding the new symbol
ndr_print_libndr_flags.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/fuzzing: Fix code spelling 2023-10-25T22:23:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-09-20T03:54:49+00:00 97566f1b832c7908f6a1650c8c4f5deccbb59e70 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
fuzzing: fuzz_sddl_parse forgives bad utf-8 2023-09-26T23:45:36+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-09-22T03:19:32+00:00 3be69fc3dcedee77d8eacf7cf82d0f33df2d42fe Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/fuzzing: fuzz_sddl_parse: allow non-round-trip with long strings 2023-09-26T23:45:36+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-09-21T03:03:23+00:00 b3f92b475c31bd2a4423c7531c62cc621bb102e6 There is a borderline case where a conditional ACE unicode string becomes longer than the SDDL parser wants to handle when control characters are given canonical escaping. This can make the round trip fail, but it isn't really a problem. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
There is a borderline case where a conditional ACE unicode string
becomes longer than the SDDL parser wants to handle when control
characters are given canonical escaping. This can make the round trip
fail, but it isn't really a problem.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/fuzzing: adjust access-check seed patch 2023-09-26T23:45:35+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-07-20T22:51:29+00:00 cc17c3e21dfc88f5344696b53686b233f4419c28 Now that access_check.c includes headers for conditional ACEs, the patch should take that into account. Also, we check for a talloc failure. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Now that access_check.c includes headers for conditional ACEs, the patch
should take that into account.

Also, we check for a talloc failure.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/fuzzing: fuzz_conditional_ace_blob 2023-09-26T23:45:35+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-06-29T03:15:08+00:00 ea4caa45ab3c76c47b965df913e1286367a0d07f This parses the blob as a conditional ACE, and if possible tries decompiling it into SDDL. There are not many round-trip assertions we can honestly make, but we keep the trip going as long as possible, in case it reveals anything. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This parses the blob as a conditional ACE, and if possible tries
decompiling it into SDDL.

There are not many round-trip assertions we can honestly make, but we
keep the trip going as long as possible, in case it reveals anything.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>