selftest: Add test for ndr_size_union() faulting on a NULL pointer

author Andrew Bartlett <abartlet@samba.org>

Wed, 4 Dec 2019 03:49:13 +0000 (16:49 +1300)

committer Andrew Bartlett <abartlet@samba.org>

Thu, 12 Dec 2019 02:30:39 +0000 (02:30 +0000)
author Andrew Bartlett <abartlet@samba.org>
Wed, 4 Dec 2019 03:49:13 +0000 (16:49 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Thu, 12 Dec 2019 02:30:39 +0000 (02:30 +0000)
diff --git a/python/samba/tests/blackbox/ndrdump.py b/python/samba/tests/blackbox/ndrdump.py

index a1528d86485849af0eab7153b8b87a8bf7c1bf55..7e42fbef1c5c0c0030795d8a80e58ba2ac395a20 100644 (file)
--- a/python/samba/tests/blackbox/ndrdump.py
+++ b/python/samba/tests/blackbox/ndrdump.py
@@ -367,3 +367,34 @@ dump OK
          self.assertEqual(actual[:len(expected_head)],
                           expected_head)
          self.assertTrue(actual.endswith(expected_tail))
+
+    # Test a --validate push of a NULL union pointer
+    def test_ndrdump_fuzzed_NULL_union_PAC_BUFFER(self):
+        expected = b'''pull returned Success
+WARNING! 13 unread bytes
+[0000] F5 FF 00 3C 3C 25 FF 70   16 1F A0 12 84            ...<<%.p .....
+    PAC_BUFFER: struct PAC_BUFFER
+        type                     : UNKNOWN_ENUM_VALUE (1094251328)
+        _ndr_size                : 0x048792c6 (75993798)
+        info                     : NULL
+        _pad                     : 0x06000000 (100663296)
+push returned Success
+pull returned Success
+    PAC_BUFFER: struct PAC_BUFFER
+        type                     : UNKNOWN_ENUM_VALUE (1094251328)
+        _ndr_size                : 0x00000000 (0)
+        info                     : NULL
+        _pad                     : 0x00000000 (0)
+WARNING! orig bytes:29 validated pushed bytes:16
+WARNING! orig and validated differ at byte 0x04 (4)
+WARNING! orig byte[0x04] = 0xC6 validated byte[0x04] = 0x00
+dump OK
+'''
+        try:
+            actual = self.check_output(
+                "ndrdump krb5pac PAC_BUFFER struct --validate --input " +\
+                "QPM4QcaShwQAAAAAAAAABvX/ADw8Jf9wFh+gEoQ= --base64-input")
+        except BlackboxProcessError as e:
+            self.fail(e)
+
+        self.assertEqual(actual, expected)
diff --git a/selftest/knownfail.d/ndrdump-NULL-union b/selftest/knownfail.d/ndrdump-NULL-union

new file mode 100644 (file)

index 0000000..64e7e93
--- /dev/null
+++ b/selftest/knownfail.d/ndrdump-NULL-union
@@ -0,0 +1 @@
+^samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_fuzzed_NULL_union_PAC_BUFFER
author	Andrew Bartlett <abartlet@samba.org>
	Wed, 4 Dec 2019 03:49:13 +0000 (16:49 +1300)
committer	Andrew Bartlett <abartlet@samba.org>
	Thu, 12 Dec 2019 02:30:39 +0000 (02:30 +0000)
python/samba/tests/blackbox/ndrdump.py		patch \| blob \| history
selftest/knownfail.d/ndrdump-NULL-union	[new file with mode: 0644]	patch \| blob