samba.git/lib/util/asn1.c, branch talloc-2.3.2 Unnamed repository; edit this file 'description' to name the repository. utils/asn1: avoid undefined behaviour warning 2020-09-11T05:05:59+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2020-09-05T21:35:49+00:00 ed9abf94b3167a1a61b5da163e9b07b06c8a457b UBSAN does not like an int >= 1<<24 being shifted left. We check the overflow in the very next line. Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25436 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Sep 11 05:05:59 UTC 2020 on sn-devel-184 
UBSAN does not like an int >= 1<<24 being shifted left.
We check the overflow in the very next line.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25436

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep 11 05:05:59 UTC 2020 on sn-devel-184
lib/util/asn1: avoid technically undefined shift 2020-08-31T21:06:29+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2020-08-06T05:10:30+00:00 9c3ff1b9554905ad03fcd22afb832936073b2c31 UBSAN says runtime error: left shift of 255 by 24 places cannot be represented in type 'int' Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22889 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
UBSAN says

 runtime error: left shift of 255 by 24 places cannot be represented in type 'int'

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22889

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
lib: relicense smb_strtoul(l) under LGPLv3 2020-08-03T22:21:02+00:00 Ralph Boehme slow@samba.org 2020-07-03T06:11:20+00:00 23274717563b19684c52f8a909f528f608dafd7c Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Aug 3 22:21:04 UTC 2020 on sn-devel-184 
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug  3 22:21:04 UTC 2020 on sn-devel-184
lib util ASN.1: Panic on ASN.1 tag mismatch 2020-05-10T21:45:38+00:00 Gary Lockyer gary@catalyst.net.nz 2020-04-28T23:09:34+00:00 ac8000110064055a986c0c1fee896fddd302114b If the ASN.1 depth is zero in asn1_end_tag, call smb_panic. Rather than ignoring the condition. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
If the ASN.1 depth is zero in asn1_end_tag, call smb_panic. Rather than
ignoring the condition.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib util asn1: modernize debug calls 2020-05-06T22:53:02+00:00 Gary Lockyer gary@catalyst.net.nz 2020-05-05T21:11:55+00:00 3d2dd6296d51f8ee21e5836aae39f7f4a38c0604 Replace DEBUG(0 with DBG_ERR( Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Wed May 6 22:53:02 UTC 2020 on sn-devel-184 
Replace DEBUG(0 with DBG_ERR(

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed May  6 22:53:02 UTC 2020 on sn-devel-184
CVE-2020-10704 libcli ldap: Check search request lengths. 2020-05-04T04:40:10+00:00 Gary Lockyer gary@catalyst.net.nz 2020-04-07T22:46:44+00:00 bac809348a7313a5a5a53866848e7b6b56665f43 Check the search request lengths against the limits passed to ldap_decode. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Mon May 4 04:40:10 UTC 2020 on sn-devel-184 
Check the search request lengths against the limits passed to
ldap_decode.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May  4 04:40:10 UTC 2020 on sn-devel-184
CVE-2020-10704: lib util asn1: Check parse tree depth 2020-05-04T02:59:32+00:00 Gary Lockyer gary@catalyst.net.nz 2020-04-08T03:30:52+00:00 767558d4242f311bbf9ae8f5d86e0988a5baaeb9 Check the current depth of the parse tree and reject the input if the depth exceeds that passed to asn1_init Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Check the current depth of the parse tree and reject the input if the
depth exceeds that passed to asn1_init

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth 2020-05-04T02:59:31+00:00 Gary Lockyer gary@catalyst.net.nz 2020-04-02T23:18:03+00:00 f467727db5ff6a6e58d9b590e4d443a1d974b679 Add maximum parse tree depth to the call to asn1_init, which will be used to limit the depth of the ASN.1 parse tree. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib: asn1.c: Prevent ASN1_ENUMERATED from wrapping. 2020-01-29T01:02:03+00:00 Jeremy Allison jra@samba.org 2020-01-23T21:59:18+00:00 2d5b7c9a50d1514cf6e5aa3f1cc4f4b5c3c6ff22 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14238 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <dbagnall@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jan 29 01:02:04 UTC 2020 on sn-devel-184 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14238

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <dbagnall@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 29 01:02:04 UTC 2020 on sn-devel-184
lib: Update all consumers of strtoul_err(), strtoull_err() to new API 2019-06-30T11:32:18+00:00 Swen Schillig swen@linux.ibm.com 2019-06-04T06:57:03+00:00 a8bbd60fd9d10afa0aaf9359782428b8836a9732 Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> 
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>