-
Notifications
You must be signed in to change notification settings - Fork 436
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
selftest: Test repushing an ntlmssp AUTHENTICATE_MESSAGE
This demonstrates a bug found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X fuzzer where the value() evaluatuion could segfault if it was made to follow a NULL pointer. This also demonstrates that the --base64 mode works on file inputs. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
- Loading branch information
Showing
4 changed files
with
148 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_fuzzed_ntlmsssp_AUTHENTICATE_MESSAGE |
1 change: 1 addition & 0 deletions
1
source4/librpc/tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.b64.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
AA4AAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAzOQAAAAAAAAABAAAAAAAAAAD//gAAAAAAAAAABDMyMTUyMTE1MDI2MzE0Njg3/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+5+T2dekB8vfW3brf3WrDRDczOQAAAAA= |
134 changes: 134 additions & 0 deletions
134
source4/librpc/tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,134 @@ | ||
pull returned Success | ||
WARNING! 188 unread bytes | ||
[0000] 04 33 32 31 35 32 31 31 35 30 32 36 33 31 34 36 .3215211 50263146 | ||
[0010] 38 37 FE FE FE FE FE FE FE FE FE FE FE FE FE FE 87...... ........ | ||
[0020] FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE ........ ........ | ||
[0030] FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE ........ ........ | ||
[0040] FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE ........ ........ | ||
[0050] FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE ........ ........ | ||
[0060] FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE ........ ........ | ||
[0070] FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE ........ ........ | ||
[0080] FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE ........ ........ | ||
[0090] FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE ........ ........ | ||
[00A0] FE FE FE FE FE E7 E4 F6 75 E9 01 F2 F7 D6 DD BA ........ u....... | ||
[00B0] DF DD 6A C3 44 37 33 39 00 00 00 00 ..j.D739 .... | ||
AUTHENTICATE_MESSAGE: struct AUTHENTICATE_MESSAGE | ||
Signature : '' | ||
MessageType : UNKNOWN_ENUM_VALUE (0) | ||
LmChallengeResponseLen : 0x0000 (0) | ||
LmChallengeResponseMaxLen: 0x0000 (0) | ||
LmChallengeResponse : NULL | ||
NtChallengeResponseLen : 0x0000 (0) | ||
NtChallengeResponseMaxLen: 0x0000 (0) | ||
NtChallengeResponse : NULL | ||
DomainNameLen : 0x0000 (0) | ||
DomainNameMaxLen : 0x0000 (0) | ||
DomainName : NULL | ||
UserNameLen : 0x0000 (0) | ||
UserNameMaxLen : 0x0001 (1) | ||
UserName : NULL | ||
WorkstationLen : 0x3933 (14643) | ||
WorkstationMaxLen : 0x0000 (0) | ||
Workstation : NULL | ||
EncryptedRandomSessionKeyLen: 0x0100 (256) | ||
EncryptedRandomSessionKeyMaxLen: 0x0000 (0) | ||
EncryptedRandomSessionKey: NULL | ||
NegotiateFlags : 0xfeff0000 (4278124544) | ||
0: NTLMSSP_NEGOTIATE_UNICODE | ||
0: NTLMSSP_NEGOTIATE_OEM | ||
0: NTLMSSP_REQUEST_TARGET | ||
0: NTLMSSP_NEGOTIATE_SIGN | ||
0: NTLMSSP_NEGOTIATE_SEAL | ||
0: NTLMSSP_NEGOTIATE_DATAGRAM | ||
0: NTLMSSP_NEGOTIATE_LM_KEY | ||
0: NTLMSSP_NEGOTIATE_NETWARE | ||
0: NTLMSSP_NEGOTIATE_NTLM | ||
0: NTLMSSP_NEGOTIATE_NT_ONLY | ||
0: NTLMSSP_ANONYMOUS | ||
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED | ||
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED | ||
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL | ||
0: NTLMSSP_NEGOTIATE_ALWAYS_SIGN | ||
1: NTLMSSP_TARGET_TYPE_DOMAIN | ||
1: NTLMSSP_TARGET_TYPE_SERVER | ||
1: NTLMSSP_TARGET_TYPE_SHARE | ||
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY | ||
1: NTLMSSP_NEGOTIATE_IDENTIFY | ||
1: NTLMSSP_REQUEST_NON_NT_SESSION_KEY | ||
1: NTLMSSP_NEGOTIATE_TARGET_INFO | ||
1: NTLMSSP_NEGOTIATE_VERSION | ||
1: NTLMSSP_NEGOTIATE_128 | ||
1: NTLMSSP_NEGOTIATE_KEY_EXCH | ||
1: NTLMSSP_NEGOTIATE_56 | ||
Version: struct ntlmssp_VERSION | ||
ProductMajorVersion : UNKNOWN_ENUM_VALUE (0) | ||
ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_0 (0) | ||
ProductBuild : 0x0000 (0) | ||
Reserved: ARRAY(3) | ||
[0] : 0x00 (0) | ||
[1] : 0x00 (0) | ||
[2] : 0x00 (0) | ||
NTLMRevisionCurrent : UNKNOWN_ENUM_VALUE (0) | ||
push returned Success | ||
pull returned Success | ||
AUTHENTICATE_MESSAGE: struct AUTHENTICATE_MESSAGE | ||
Signature : 'NTLMSSP' | ||
MessageType : NtLmAuthenticate (3) | ||
LmChallengeResponseLen : 0x0000 (0) | ||
LmChallengeResponseMaxLen: 0x0000 (0) | ||
LmChallengeResponse : NULL | ||
NtChallengeResponseLen : 0x0000 (0) | ||
NtChallengeResponseMaxLen: 0x0000 (0) | ||
NtChallengeResponse : NULL | ||
DomainNameLen : 0x0000 (0) | ||
DomainNameMaxLen : 0x0000 (0) | ||
DomainName : NULL | ||
UserNameLen : 0x0000 (0) | ||
UserNameMaxLen : 0x0000 (0) | ||
UserName : NULL | ||
WorkstationLen : 0x0000 (0) | ||
WorkstationMaxLen : 0x0000 (0) | ||
Workstation : NULL | ||
EncryptedRandomSessionKeyLen: 0x0000 (0) | ||
EncryptedRandomSessionKeyMaxLen: 0x0000 (0) | ||
EncryptedRandomSessionKey: NULL | ||
NegotiateFlags : 0xfeff0000 (4278124544) | ||
0: NTLMSSP_NEGOTIATE_UNICODE | ||
0: NTLMSSP_NEGOTIATE_OEM | ||
0: NTLMSSP_REQUEST_TARGET | ||
0: NTLMSSP_NEGOTIATE_SIGN | ||
0: NTLMSSP_NEGOTIATE_SEAL | ||
0: NTLMSSP_NEGOTIATE_DATAGRAM | ||
0: NTLMSSP_NEGOTIATE_LM_KEY | ||
0: NTLMSSP_NEGOTIATE_NETWARE | ||
0: NTLMSSP_NEGOTIATE_NTLM | ||
0: NTLMSSP_NEGOTIATE_NT_ONLY | ||
0: NTLMSSP_ANONYMOUS | ||
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED | ||
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED | ||
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL | ||
0: NTLMSSP_NEGOTIATE_ALWAYS_SIGN | ||
1: NTLMSSP_TARGET_TYPE_DOMAIN | ||
1: NTLMSSP_TARGET_TYPE_SERVER | ||
1: NTLMSSP_TARGET_TYPE_SHARE | ||
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY | ||
1: NTLMSSP_NEGOTIATE_IDENTIFY | ||
1: NTLMSSP_REQUEST_NON_NT_SESSION_KEY | ||
1: NTLMSSP_NEGOTIATE_TARGET_INFO | ||
1: NTLMSSP_NEGOTIATE_VERSION | ||
1: NTLMSSP_NEGOTIATE_128 | ||
1: NTLMSSP_NEGOTIATE_KEY_EXCH | ||
1: NTLMSSP_NEGOTIATE_56 | ||
Version: struct ntlmssp_VERSION | ||
ProductMajorVersion : UNKNOWN_ENUM_VALUE (0) | ||
ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_0 (0) | ||
ProductBuild : 0x0000 (0) | ||
Reserved: ARRAY(3) | ||
[0] : 0x00 (0) | ||
[1] : 0x00 (0) | ||
[2] : 0x00 (0) | ||
NTLMRevisionCurrent : UNKNOWN_ENUM_VALUE (0) | ||
WARNING! orig bytes:260 validated pushed bytes:72 | ||
WARNING! orig and validated differ at byte 0x00 (0) | ||
WARNING! orig byte[0x00] = 0x00 validated byte[0x00] = 0x4E | ||
dump OK |