The branch, master has been updated
via 1e1b7b1 torture: add local verification trailer parsing test
via 4f59580 s3-lib/util: fix logic inside set_namearray loops.
from 8f46b13 s3-lib/util: fix read across end of namelist string
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1e1b7b1021b16e3ab61c2fca8328c94e60a2c99c
Author: David Disseldorp <[email protected]>
Date: Tue Apr 8 19:49:37 2014 +0200
torture: add local verification trailer parsing test
Signed-off-by: David Disseldorp <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Wed Apr 9 03:44:15 CEST 2014 on sn-devel-104
commit 4f59580331b934b183c3344da57f2002d88d4512
Author: Jeremy Allison <[email protected]>
Date: Tue Apr 8 10:38:33 2014 -0700
s3-lib/util: fix logic inside set_namearray loops.
Additional fix for bug #10544 - s3-lib/util: set_namearray reads across end
of namelist string.
Not strictly needed as the initial fix addresses
the problem, but corrects the internal logic
inside the loops.
https://bugzilla.samba.org/show_bug.cgi?id=10544
Signed-off-by: Jeremy Allison <[email protected]>
Signed-off-by: Michael Adam <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/lib/util.c | 26 +++++---
source4/torture/local/local.c | 1 +
source4/torture/local/verif_trailer.c | 101 +++++++++++++++++++++++++++++++++
source4/torture/local/wscript_build | 3 +-
4 files changed, 120 insertions(+), 11 deletions(-)
create mode 100644 source4/torture/local/verif_trailer.c
Changeset truncated at 500 lines:
diff --git a/source3/lib/util.c b/source3/lib/util.c
index d061200..945fc97 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1071,11 +1071,13 @@ void set_namearray(name_compare_entry **ppname_array,
const char *namelist_in)
/* find the next '/' or consume remaining */
name_end = strchr_m(nameptr, '/');
- if (name_end == NULL)
- name_end = (char *)nameptr + strlen(nameptr);
-
- /* next segment please */
- nameptr = name_end + 1;
+ if (name_end == NULL) {
+ /* Point nameptr at the terminating '\0' */
+ nameptr += strlen(nameptr);
+ } else {
+ /* next segment please */
+ nameptr = name_end + 1;
+ }
num_entries++;
}
@@ -1105,10 +1107,9 @@ void set_namearray(name_compare_entry **ppname_array,
const char *namelist_in)
/* find the next '/' or consume remaining */
name_end = strchr_m(nameptr, '/');
- if (name_end)
+ if (name_end != NULL) {
*name_end = '\0';
- else
- name_end = nameptr + strlen(nameptr);
+ }
(*ppname_array)[i].is_wild = ms_has_wild(nameptr);
if(((*ppname_array)[i].name = SMB_STRDUP(nameptr)) == NULL) {
@@ -1117,8 +1118,13 @@ void set_namearray(name_compare_entry **ppname_array,
const char *namelist_in)
return;
}
- /* next segment please */
- nameptr = name_end + 1;
+ if (name_end == NULL) {
+ /* Point nameptr at the terminating '\0' */
+ nameptr += strlen(nameptr);
+ } else {
+ /* next segment please */
+ nameptr = name_end + 1;
+ }
i++;
}
diff --git a/source4/torture/local/local.c b/source4/torture/local/local.c
index d4e8911..681fca1 100644
--- a/source4/torture/local/local.c
+++ b/source4/torture/local/local.c
@@ -74,6 +74,7 @@
torture_dsdb_dn,
torture_dsdb_syntax,
torture_registry,
+ torture_local_verif_trailer,
NULL
};
diff --git a/source4/torture/local/verif_trailer.c
b/source4/torture/local/verif_trailer.c
new file mode 100644
index 0000000..eb95b21
--- /dev/null
+++ b/source4/torture/local/verif_trailer.c
@@ -0,0 +1,101 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ test suite for DCE/RPC verification trailer parsing
+
+ Copyright (C) David Disseldorp 2014
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "includes.h"
+#include "librpc/gen_ndr/security.h"
+#include "lib/param/param.h"
+#include "lib/util/dlinklist.h"
+#include "libcli/resolve/resolve.h"
+#include "librpc/gen_ndr/ndr_dcerpc.h"
+#include "librpc/gen_ndr/ndr_dcerpc_c.h"
+#include "torture/torture.h"
+#include "torture/local/proto.h"
+
+/* VT blob obtained from an FSRVP request */
+uint8_t test_vt[] = {0x8a, 0xe3, 0x13, 0x71, 0x02, 0xf4, 0x36, 0x71,
+ 0x02, 0x40, 0x28, 0x00, 0x3c, 0x65, 0xe0, 0xa8,
+ 0x44, 0x27, 0x89, 0x43, 0xa6, 0x1d, 0x73, 0x73,
+ 0xdf, 0x8b, 0x22, 0x92, 0x01, 0x00, 0x00, 0x00,
+ 0x33, 0x05, 0x71, 0x71, 0xba, 0xbe, 0x37, 0x49,
+ 0x83, 0x19, 0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36,
+ 0x01, 0x00, 0x00, 0x00};
+
+const char *vt_abstr_syntax =
"a8e0653c-2744-4389-a61d-7373df8b2292/0x00000001";
+const char *vt_trans_syntax =
"71710533-beba-4937-8319-b5dbef9ccc36/0x00000001";
+
+static bool test_verif_trailer_pctx(struct torture_context *tctx)
+{
+ DATA_BLOB blob;
+ bool ok;
+ struct dcerpc_sec_vt_pcontext pctx;
+ struct dcerpc_sec_verification_trailer *vt = NULL;
+ struct ndr_pull *ndr;
+ enum ndr_err_code ndr_err;
+ struct ndr_print *ndr_print;
+ TALLOC_CTX *mem_ctx = talloc_new(tctx);
+ torture_assert(tctx, mem_ctx != NULL, "mem");
+
+ blob.data = test_vt;
+ blob.length = ARRAY_SIZE(test_vt);
+
+ ndr = ndr_pull_init_blob(&blob, mem_ctx);
+ torture_assert(tctx, ndr != NULL, "ndr");
+
+ ndr_err = ndr_pop_dcerpc_sec_verification_trailer(ndr, mem_ctx, &vt);
+ torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr");
+
+ ndr_print = talloc_zero(mem_ctx, struct ndr_print);
+ torture_assert(tctx, ndr_print != NULL, "mem");
+ ndr_print->print = ndr_print_printf_helper;
+ ndr_print->depth = 1;
+
+ ndr_print_dcerpc_sec_verification_trailer(ndr_print,
+ "Verification Trailer", vt);
+
+ ZERO_STRUCT(pctx);
+ ok = ndr_syntax_id_from_string(vt_abstr_syntax, &pctx.abstract_syntax);
+ torture_assert(tctx, ok, "vt_abstr_syntax");
+ ok = ndr_syntax_id_from_string(vt_trans_syntax, &pctx.transfer_syntax);
+ torture_assert(tctx, ok, "vt_trans_syntax");
+
+ ok = dcerpc_sec_verification_trailer_check(vt, NULL, &pctx, NULL);
+ torture_assert(tctx, ok, "VT check");
+
+ talloc_free(mem_ctx);
+
+ return true;
+}
+
+struct torture_suite *torture_local_verif_trailer(TALLOC_CTX *mem_ctx)
+{
+ struct torture_suite *suite = torture_suite_create(mem_ctx,
+ "verif_trailer");
+
+ torture_suite_add_simple_test(suite,
+ "pctx",
+ test_verif_trailer_pctx);
+
+ return suite;
+}
diff --git a/source4/torture/local/wscript_build
b/source4/torture/local/wscript_build
index c5d897a..2fad374 100644
--- a/source4/torture/local/wscript_build
+++ b/source4/torture/local/wscript_build
@@ -16,7 +16,8 @@ TORTURE_LOCAL_SOURCE =
'''../../../lib/util/charset/tests/iconv.c
../../param/tests/loadparm.c ../../../auth/credentials/tests/simple.c
local.c
dbspeed.c torture.c ../ldb/ldb.c ../../dsdb/common/tests/dsdb_dn.c
../../dsdb/schema/tests/schema_syntax.c
- ../../../lib/util/tests/anonymous_shared.c'''
+ ../../../lib/util/tests/anonymous_shared.c
+ verif_trailer.c'''
TORTURE_LOCAL_DEPS = 'RPC_NDR_ECHO TDR LIBCLI_SMB MESSAGING iconv
POPT_CREDENTIALS TORTURE_AUTH TORTURE_UTIL TORTURE_NDR TORTURE_LIBCRYPTO share
torture_registry PROVISION ldb samdb replace-test'
--
Samba Shared Repository
