The branch, master has been updated
       via  d6fbfb276ce lib/fuzzing: Free memory after successful load in fuzz_tiniparser
       via  43bc0b2c763 lib/fuzzing: Avoid NULL pointer de-ref from 0-length input
      from  4aea5c0972d tevent: Release tevent 0.10.2

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d6fbfb276ce89ad40f47784300fb99cee9d4aac9
Author: Andrew Bartlett <[email protected]>
Date:   Thu Nov 7 16:52:48 2019 +1300

    lib/fuzzing: Free memory after successful load in fuzz_tiniparser
    
    Otherwise we have a memory leak and so fail the Google oss-fuzz check_build test.
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>
    
    Autobuild-User(master): Jeremy Allison <[email protected]>
    Autobuild-Date(master): Mon Nov 18 21:02:52 UTC 2019 on sn-devel-184

commit 43bc0b2c763284ec63ca1e750602f6a9b354f9ae
Author: Andrew Bartlett <[email protected]>
Date:   Thu Nov 7 15:08:18 2019 +1300

    lib/fuzzing: Avoid NULL pointer de-ref from 0-length input
    
    fmemopen() does not like 0-length input.
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 lib/fuzzing/fuzz_oLschema2ldif.c |  8 ++++++++
 lib/fuzzing/fuzz_tiniparser.c    | 16 ++++++++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/fuzzing/fuzz_oLschema2ldif.c b/lib/fuzzing/fuzz_oLschema2ldif.c
index 4dd5668e673..a983f48d660 100644
--- a/lib/fuzzing/fuzz_oLschema2ldif.c
+++ b/lib/fuzzing/fuzz_oLschema2ldif.c
@@ -34,6 +34,14 @@ int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
        TALLOC_CTX *mem_ctx;
        struct conv_options opt;
 
+       if (len == 0) {
+               /*
+                * Otherwise fmemopen() will return null and set errno
+                * to EINVAL
+                */
+               return 0;
+       }
+
        mem_ctx = talloc_init(__FUNCTION__);
 
        opt.in = fmemopen(buf, len, "r");
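Review bot: the len == 0 guard only covers one of the ways fmemopen() can fail; the call at the end of the hunk, `opt.in = fmemopen(buf, len, "r");`, still assigns the result without a NULL check, and fmemopen() can also return NULL on allocation failure. Adding `if (opt.in == NULL) { talloc_free(mem_ctx); return 0; }` right after the call would cover both cases and keep the fuzzer from dereferencing a NULL stream (and since mem_ctx is allocated just before, the early exit should release it). Placing the zero-length guard before talloc_init() is the right order, as it avoids leaking the context on the early return.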
diff --git a/lib/fuzzing/fuzz_tiniparser.c b/lib/fuzzing/fuzz_tiniparser.c
index a6e2ef7c2fe..6908f1815d7 100644
--- a/lib/fuzzing/fuzz_tiniparser.c
+++ b/lib/fuzzing/fuzz_tiniparser.c
@@ -27,11 +27,23 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
 
 int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
 {
-       FILE *fp;
+       FILE *fp = NULL;
+       struct tiniparser_dictionary *d = NULL;
+
+       if (len == 0) {
+               /*
+                * Otherwise fmemopen() will return null and set errno
+                * to EINVAL
+                */
+               return 0;
+       }
 
        fp = fmemopen(buf, len, "r");
 
-       tiniparser_load_stream(fp);
+       d = tiniparser_load_stream(fp);
+       if (d != NULL) {
+               tiniparser_freedict(d);
+       }
 
        fclose(fp);
 
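Review bot: `fp = fmemopen(buf, len, "r");` is still followed by `tiniparser_load_stream(fp)` and `fclose(fp)` without checking fp for NULL, so the zero-length guard is the only thing standing between a failed fmemopen() and a NULL dereference; a short `if (fp == NULL) { return 0; }` after the fmemopen() call would also handle allocation failure. The change itself is correct: capturing the return value of tiniparser_load_stream() and calling tiniparser_freedict() on a non-NULL dictionary removes the per-iteration leak that the oss-fuzz check_build test flagged, and initialising both locals to NULL is good practice for the early-return paths. Consider also dropping the `d != NULL` check if tiniparser_freedict() already tolerates NULL, to keep the harness minimal.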


-- 
Samba Shared Repository
