/* this is used to ensure we generate unique reference IDs
between request and reply */
uint32_t ptr_count;
+ uint32_t recursion_depth;
+ /*
+ * The global maximum depth for recursion. When set it overrides the
+ * value supplied by the max_recursion idl attribute. This is needed
+ * for fuzzing as ASAN uses a low threshold for stack depth to check
+ * for stack overflow.
+ */
+ uint32_t global_max_recursion;
};
/* structure passed to functions that generate NDR formatted data */
NDR_ERR_UNREAD_BYTES,
NDR_ERR_NDR64,
NDR_ERR_FLAGS,
- NDR_ERR_INCOMPLETE_BUFFER
+ NDR_ERR_INCOMPLETE_BUFFER,
+ NDR_ERR_MAX_RECURSION_EXCEEDED,
+ NDR_ERR_UNDERFLOW
};
#define NDR_ERR_CODE_IS_SUCCESS(x) (x == NDR_ERR_SUCCESS)
} \
} while(0)
+#define NDR_RECURSION_CHECK(ndr, d) do { \
+ uint32_t _ndr_min_ = (d); \
+ if (ndr->global_max_recursion && ndr->global_max_recursion < (d)) { \
+ _ndr_min_ = ndr->global_max_recursion; \
+ } \
+ ndr->recursion_depth++; \
+ if (unlikely(ndr->recursion_depth > _ndr_min_)) { \
+ return ndr_pull_error( \
+ ndr, \
+ NDR_ERR_MAX_RECURSION_EXCEEDED, \
+ "Depth of recursion exceeds (%u)", \
+ (unsigned) d); \
+ } \
+} while (0)
+
+#define NDR_RECURSION_UNWIND(ndr) do { \
+ if (unlikely(ndr->recursion_depth == 0)) { \
+ return ndr_pull_error( \
+ ndr, \
+ NDR_ERR_UNDERFLOW, \
+ "ndr_pull.recursion_depth is 0"); \
+ } \
+ ndr->recursion_depth--; \
+} while (0)
+
/* these are used to make the error checking on each element in libndr
less tedious, hopefully making the code more readable */
#define NDR_CHECK(call) do { \
--- /dev/null
+/*
+ * Tests for librpc ndr functions
+ *
+ * Copyright (C) Catalyst.NET Ltd 2020
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include <stdarg.h>
+ * #include <stddef.h>
+ * #include <setjmp.h>
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ *
+ */
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "librpc/ndr/libndr.h"
+
+/*
+ * Test NDR_RECURSION_CHECK.
+ */
+static enum ndr_err_code wrap_NDR_RECURSION_CHECK(
+ struct ndr_pull *ndr,
+ uint32_t bytes) {
+
+ NDR_RECURSION_CHECK(ndr, bytes);
+ return NDR_ERR_SUCCESS;
+}
+
+static void test_NDR_RECURSION_CHECK(void **state)
+{
+ struct ndr_pull ndr = {0};
+ enum ndr_err_code err;
+
+
+ ndr.global_max_recursion = 0;
+ ndr.recursion_depth = 42;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 43);
+ assert_int_equal(NDR_ERR_SUCCESS, err);
+ assert_int_equal(43, ndr.recursion_depth);
+
+ ndr.global_max_recursion = 0;
+ ndr.recursion_depth = 43;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 43);
+ assert_int_equal(NDR_ERR_MAX_RECURSION_EXCEEDED, err);
+ assert_int_equal(44, ndr.recursion_depth);
+
+ ndr.global_max_recursion = 0;
+ ndr.recursion_depth = 44;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 43);
+ assert_int_equal(NDR_ERR_MAX_RECURSION_EXCEEDED, err);
+ assert_int_equal(45, ndr.recursion_depth);
+
+ ndr.global_max_recursion = 5;
+ ndr.recursion_depth = 5;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 20);
+ assert_int_equal(NDR_ERR_MAX_RECURSION_EXCEEDED, err);
+ assert_int_equal(6, ndr.recursion_depth);
+
+ ndr.global_max_recursion = 5;
+ ndr.recursion_depth = 4;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 20);
+ assert_int_equal(NDR_ERR_SUCCESS, err);
+ assert_int_equal(5, ndr.recursion_depth);
+
+ ndr.global_max_recursion = 20;
+ ndr.recursion_depth = 5;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 5);
+ assert_int_equal(NDR_ERR_MAX_RECURSION_EXCEEDED, err);
+ assert_int_equal(6, ndr.recursion_depth);
+
+ ndr.global_max_recursion = 20;
+ ndr.recursion_depth = 4;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 5);
+ assert_int_equal(NDR_ERR_SUCCESS, err);
+ assert_int_equal(5, ndr.recursion_depth);
+}
+
+/*
+ * Test NDR_RECURSION_RETURN.
+ */
+static enum ndr_err_code wrap_NDR_RECURSION_UNWIND(
+ struct ndr_pull *ndr) {
+
+ NDR_RECURSION_UNWIND(ndr);
+ return NDR_ERR_SUCCESS;
+}
+
+static void test_NDR_RECURSION_UNWIND(void **state)
+{
+ struct ndr_pull ndr = {0};
+ enum ndr_err_code err;
+
+ ndr.recursion_depth = 5;
+ err = wrap_NDR_RECURSION_UNWIND(&ndr);
+ assert_int_equal(NDR_ERR_SUCCESS, err);
+ assert_int_equal(4, ndr.recursion_depth);
+
+ ndr.recursion_depth = 0;
+ err = wrap_NDR_RECURSION_UNWIND(&ndr);
+ assert_int_equal(NDR_ERR_UNDERFLOW, err);
+ assert_int_equal(0, ndr.recursion_depth);
+
+}
+int main(int argc, const char **argv)
+{
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_NDR_RECURSION_CHECK),
+ cmocka_unit_test(test_NDR_RECURSION_UNWIND),
+ };
+
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}