fuzzing: check for NULL on ldb_init()
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Thu, 16 Jan 2020 20:59:26 +0000 (09:59 +1300)
committerAndreas Schneider <asn@cryptomilk.org>
Fri, 17 Jan 2020 12:59:35 +0000 (12:59 +0000)
We simply return 0 because failure here is not a problem with the code we
are actually trying to fuzz. Without this asan is unhappy.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
lib/fuzzing/fuzz_ldb_dn_explode.c
lib/fuzzing/fuzz_ldb_ldif_read.c
lib/fuzzing/fuzz_ldb_parse_control.c

index dade67567cbeda78efb93fa4cf5aeb7c16ebf9e7..29747178e3ea5ec42228a5b076c5effe019de969 100644 (file)
@@ -27,6 +27,9 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 {
        struct ldb_dn *dn = NULL;
        struct ldb_context *ldb = ldb_init(NULL, NULL);
+       if (ldb == NULL) {
+               return 0;
+       }
        /*
         * We copy the buffer in order to NUL-terminate, because running off
         *  the end of the string would be an uninteresting crash.
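Review bot: The new `if (ldb == NULL) { return 0; }` guard carries no comment explaining why the harness gives up silently, so the rationale lives only in the commit message. I would add `/* ldb_init() failing (e.g. out of memory) is not a fault in the code being fuzzed; skip this input. */` above it, and likewise in fuzz_ldb_ldif_read.c and fuzz_ldb_parse_control.c, which receive the identical guard. If ldb_init() were to fail on every call under the fuzzer's memory limits, the run would report no crashes while never reaching the target, so coverage for these harnesses is worth checking. The body of LLVMFuzzerTestOneInput continues past the end of this hunk, so whether ldb is released on the later paths cannot be judged from here.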
index f2c46bc9bebd162c77e31226751a3db79f9ae004..4eee17018364e00ffef055018d159f6607430446 100644 (file)
@@ -26,8 +26,11 @@ char buf[MAX_LENGTH + 1] = {0};
 int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 {
        struct ldb_ldif *ldif = NULL;
-       struct ldb_context *ldb = ldb_init(NULL, NULL);
        const char *s = NULL;
+       struct ldb_context *ldb = ldb_init(NULL, NULL);
+       if (ldb == NULL) {
+               return 0;
+       }
        
        if (len > MAX_LENGTH) {
                len = MAX_LENGTH;
index bd3fda87fdbb2c7eebdb9e609d6219ea1c6712ec..98af24a8000cab7feca7cb281a26f835871781ac 100644 (file)
@@ -27,8 +27,11 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
 {
        struct ldb_control *control = NULL;
        struct ldb_context *ldb = ldb_init(NULL, NULL);
+       if (ldb == NULL) {
+               return 0;
+       }
        /*
-        * We copy the buffer in order to NUL-teminate, because running off
+        * We copy the buffer in order to NUL-terminate, because running off
         *  the end of the string would be an uninteresting crash.
         */
        if (len > MAX_LENGTH) {