git.samba.org / metze / samba / wip.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 049f0c3) | patch
librpc dnsp test: Ensure length matches union selector
authorGary Lockyer <gary@catalyst.net.nz>
Sun, 8 Dec 2019 20:19:47 +0000 (09:19 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 12 Dec 2019 00:35:30 +0000 (00:35 +0000)
commitee4617ec5f4017e7ee3bbc29102054e7b64f3e3a
treeb16c79141a36f2d3197f3d0d95ac56973181d275tree
parent049f0c3870179aa4977f5d9c49e18566f166412ecommit | diff
librpc dnsp test: Ensure length matches union selector

Ensure that a dnsp_DnsProperty is rejected if the length data does not not
correspond to the length indicated by the union id.  It was possible for
the union to be referencing memory past the end of the structure.

Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X fuzzer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14206
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
selftest/knownfail.d/bug-14206 [new file with mode: 0644] blob
source4/torture/ndr/dnsp.c diff | blob | history
source4/torture/ndr/ndr.c diff | blob | history
source4/torture/ndr/ndr.h diff | blob | history
Work in progress branches