lib/fuzzing/fuzz_dcerpc_parse_binding.c

   1 /*
   2   Fuzz dcerpc_parse_binding
   3   Copyright (C) Catalyst IT 2020
   4
   5   This program is free software; you can redistribute it and/or modify
   6   it under the terms of the GNU General Public License as published by
   7   the Free Software Foundation; either version 3 of the License, or
   8   (at your option) any later version.
   9
  10   This program is distributed in the hope that it will be useful,
  11   but WITHOUT ANY WARRANTY; without even the implied warranty of
  12   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13   GNU General Public License for more details.
  14
  15   You should have received a copy of the GNU General Public License
  16   along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 */
  18 #include "includes.h"
  19 #include "librpc/gen_ndr/ndr_epmapper.h"
  20 #include "librpc/rpc/dcerpc.h"
  21 #include "fuzzing/fuzzing.h"
  22
  23 #define MAX_LENGTH (1024 * 10)
  24 char buf[MAX_LENGTH + 1];
  25
  26
  27 int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
  28 {
  29         TALLOC_CTX *mem_ctx = NULL;
  30         struct dcerpc_binding *binding = NULL;
  31         struct dcerpc_binding *dup = NULL;
  32         struct epm_tower tower;
  33         NTSTATUS status;
  34         struct GUID guid;
  35
  36         if (len > MAX_LENGTH) {
  37                 return 0;
  38         }
  39
  40         memcpy(buf, input, len);
  41         buf[len]  = '\0';
  42
  43         mem_ctx = talloc_new(NULL);
  44         status = dcerpc_parse_binding(mem_ctx, buf, &binding);
  45
  46         if (! NT_STATUS_IS_OK(status)) {
  47                 talloc_free(mem_ctx);
  48                 return 0;
  49         }
  50
  51         /* If the string parses, we try manipulating it a bit */
  52
  53         dcerpc_binding_string(mem_ctx, binding);
  54         dcerpc_binding_get_abstract_syntax(binding);
  55         dup = dcerpc_binding_dup(mem_ctx, binding);
  56
  57         status = dcerpc_binding_build_tower(mem_ctx,
  58                                             binding,
  59                                             &tower);
  60         if (NT_STATUS_IS_OK(status)) {
  61                 status = dcerpc_binding_from_tower(mem_ctx,
  62                                                    &tower,
  63                                                    &dup);
  64         }
  65
  66         guid = dcerpc_binding_get_object(binding);
  67
  68         talloc_free(mem_ctx);
  69         return 0;
  70 }
  71
  72
  73 int LLVMFuzzerInitialize(int *argc, char ***argv)
  74 {
  75         return 0;
  76 }