CVE-2020-14323 torture4: Add a simple test for invalid lookup_sids winbind call
authorVolker Lendecke <vl@samba.org>
Thu, 9 Jul 2020 19:48:57 +0000 (21:48 +0200)
committerKarolin Seeger <kseeger@samba.org>
Mon, 26 Oct 2020 13:59:38 +0000 (14:59 +0100)
We can't add this test before the fix, add it to knownfail and have the fix
remove the knownfail entry again. As this crashes winbind, many tests after
this one will fail.

Reported by Bas Alberts of the GitHub Security Lab Team as GHSL-2020-134

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14436
Signed-off-by: Volker Lendecke <vl@samba.org>
source4/torture/winbind/struct_based.c

index 9745b621ca96d92cc2d76013b12d05e9eda22eef..71f248c0d61d4d2aa60e750e1a9663e706e4cb3b 100644 (file)
@@ -1110,6 +1110,29 @@ static bool torture_winbind_struct_lookup_name_sid(struct torture_context *tortu
        return true;
 }
 
+static bool torture_winbind_struct_lookup_sids_invalid(
+       struct torture_context *torture)
+{
+       struct winbindd_request req = {0};
+       struct winbindd_response rep = {0};
+       bool strict = torture_setting_bool(torture, "strict mode", false);
+       bool ok;
+
+       torture_comment(torture,
+                       "Running WINBINDD_LOOKUP_SIDS (struct based)\n");
+
+       ok = true;
+       DO_STRUCT_REQ_REP_EXT(WINBINDD_LOOKUPSIDS, &req, &rep,
+                             NSS_STATUS_NOTFOUND,
+                             strict,
+                             ok=false,
+                             talloc_asprintf(
+                                     torture,
+                                     "invalid lookupsids succeeded"));
+
+       return ok;
+}
+
 struct torture_suite *torture_winbind_struct_init(TALLOC_CTX *ctx)
 {
        struct torture_suite *suite = torture_suite_create(ctx, "struct");
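Review bot: torture_winbind_struct_lookup_sids_invalid has no comment saying what makes the request invalid or why the test exists. Only the zero-initialised `req` (which presumably carries no SID list) distinguishes it from a normal lookup. I would add above the function `/* Regression test for CVE-2020-14323: a WINBINDD_LOOKUPSIDS request with an empty, zeroed payload must be answered with NSS_STATUS_NOTFOUND and must not crash winbindd. */`. The torture_comment text reads like a valid-path test and spells the command differently from the enum, so I would change it to `"Running WINBINDD_LOOKUPSIDS with an empty request (struct based)\n"`. DO_STRUCT_REQ_REP_EXT is defined outside this hunk, but if it reports the supplied message on any status mismatch, "invalid lookupsids succeeded" will also appear when winbindd has died and the call returned some other error. A neutral wording such as `"invalid lookupsids did not return NSS_STATUS_NOTFOUND"` would make triage of the knownfail entry less confusing.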
@@ -1132,6 +1155,10 @@ struct torture_suite *torture_winbind_struct_init(TALLOC_CTX *ctx)
        torture_suite_add_simple_test(suite, "getpwent", torture_winbind_struct_getpwent);
        torture_suite_add_simple_test(suite, "endpwent", torture_winbind_struct_endpwent);
        torture_suite_add_simple_test(suite, "lookup_name_sid", torture_winbind_struct_lookup_name_sid);
+       torture_suite_add_simple_test(
+               suite,
+               "lookup_sids_invalid",
+               torture_winbind_struct_lookup_sids_invalid);
 
        suite->description = talloc_strdup(suite, "WINBIND - struct based protocol tests");