git.samba.org / bbaumbach / samba-autobuild / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c8e3c78) | patch
librpc ndr: Heap-buffer-overflow in lzxpress_decompress
authorGary Lockyer <gary@catalyst.net.nz>
Thu, 23 Jan 2020 21:41:35 +0000 (10:41 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 7 Feb 2020 08:53:40 +0000 (08:53 +0000)
commitae6927e4f08dcea89729d8e54363e98effab6624
tree715637f6f2fcaddb15b8ac43630e9f688e66648ftree
parentc8e3c78d4f2a6f3e122fe458aa6835772290a700commit | diff
librpc ndr: Heap-buffer-overflow in lzxpress_decompress

Reproducer for oss-fuzz Issue 20083

Project: samba
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz_ndr_drsuapi_TYPE_OUT
Job Type: libfuzzer_asan_samba
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6040000002fd
Crash State:
  lzxpress_decompress
    ndr_pull_compression_xpress_chunk
      ndr_pull_compression_start

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
librpc/ndr/libndr.h diff | blob | history
librpc/tests/test_ndr.c [new file with mode: 0644] blob
librpc/wscript_build diff | blob | history
python/samba/tests/blackbox/ndrdump.py diff | blob | history
selftest/knownfail.d/bug-14236 [new file with mode: 0644] blob
source4/selftest/tests.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.