} while (0)
#define NDR_PULL_NEED_BYTES(ndr, n) do { \
- if (unlikely((n) > ndr->data_size || ndr->offset + (n) > ndr->data_size)) { \
+ if (unlikely(\
+ (n) > ndr->data_size || \
+ ndr->offset + (n) > ndr->data_size || \
+ ndr->offset + (n) < ndr->offset)) { \
if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { \
uint32_t _available = ndr->data_size - ndr->offset; \
uint32_t _missing = n - _available; \
--- /dev/null
+/*
+ * Tests for librpc ndr functions
+ *
+ * Copyright (C) Catalyst.NET Ltd 2020
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include <stdarg.h>
+ * #include <stddef.h>
+ * #include <setjmp.h>
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ *
+ */
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "librpc/ndr/libndr.h"
+
+/*
+ * Test NDR_PULL_NEED_BYTES integer overflow handling.
+ */
+static enum ndr_err_code wrap_NDR_PULL_NEED_BYTES(
+ struct ndr_pull *ndr,
+ uint32_t bytes) {
+
+ NDR_PULL_NEED_BYTES(ndr, bytes);
+ return NDR_ERR_SUCCESS;
+}
+
+static void test_NDR_PULL_NEED_BYTES(void **state)
+{
+ struct ndr_pull ndr = {0};
+ enum ndr_err_code err;
+
+ ndr.data_size = UINT32_MAX;
+ ndr.offset = UINT32_MAX -1;
+
+ /*
+ * This will not cause an overflow
+ */
+ err = wrap_NDR_PULL_NEED_BYTES(&ndr, 1);
+ assert_int_equal(NDR_ERR_SUCCESS, err);
+
+ /*
+ * This will cause an overflow
+ * and (offset + n) will be less than data_size
+ */
+ err = wrap_NDR_PULL_NEED_BYTES(&ndr, 2);
+ assert_int_equal(NDR_ERR_BUFSIZE, err);
+}
+
+int main(int argc, const char **argv)
+{
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_NDR_PULL_NEED_BYTES),
+ };
+
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}
self.fail(e)
self.assertEqual(actual, expected)
+
+ def test_ndrdump_fuzzed_ndr_compression(self):
+ expected = 'pull returned Buffer Size Error'
+ command = (
+ "ndrdump drsuapi 3 out --base64-input "
+ "--input BwAAAAcAAAAGAAAAAwAgICAgICAJAAAAICAgIAkAAAAgIAAA//////8=")
+ try:
+ actual = self.check_exit_code(command, 2)
+ except BlackboxProcessError as e:
+ self.fail(e)
+ # check_output will return bytes
+ # convert expected to bytes for python 3
+ self.assertRegex(actual.decode('utf8'), expected + '$')
[os.path.join(bindir(), "test_repl_decrypt")])
plantestsuite("librpc.ndr.ndr_string", "none",
[os.path.join(bindir(), "test_ndr_string")])
+plantestsuite("librpc.ndr.ndr", "none",
+ [os.path.join(bindir(), "test_ndr")])
# process restart and limit tests, these break the environment so need to run
# in their own specific environment