[Samba.git] / libcli / smb / test_smb1cli_session.c
1 #include <stdarg.h>
2 #include <stddef.h>
3 #include <stdint.h>
4 #include <setjmp.h>
5 #include <cmocka.h>
7 #include "replace.h"
8 #include <talloc.h>
9 #include "libcli/util/ntstatus.h"
10 #include "smb_constants.h"
11 #include "smb_util.h"
/*
 * Captured "bytes" section of an SMB1 session setup response, used as
 * fixed parser input by every test in this file.
 *
 * Layout (offsets are from the start of the array, 359 bytes in total):
 *   0..261    security blob; the tests skip it using a length of 262.
 *             It carries the ASCII signature "NTLMSSP\0" at offset 32
 *             (looks like an SPNEGO-wrapped NTLMSSP message; the tests
 *             never parse it).
 *   262       a single 0x00 byte in front of the first string
 *   263..272  "Unix" as UTF-16LE, NUL-terminated
 *   273..334  "Samba 4.7.0pre1-DEVELOPERBUILD" as UTF-16LE, NUL-terminated
 *   335..358  "SAMBADOMAIN" as UTF-16LE, NUL-terminated
 */
static const uint8_t smb1_session_setup_bytes[] = {
	/* 0..261: security blob */
	0xA1, 0x82, 0x01, 0x02, 0x30, 0x81, 0xFF, 0xA0,
	0x03, 0x0A, 0x01, 0x01, 0xA1, 0x0C, 0x06, 0x0A,
	0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02,
	0x02, 0x0A, 0xA2, 0x81, 0xE9, 0x04, 0x81, 0xE6,
	0x4E, 0x54, 0x4C, 0x4D, 0x53, 0x53, 0x50, 0x00, /* "NTLMSSP\0" */
	0x02, 0x00, 0x00, 0x00, 0x16, 0x00, 0x16, 0x00,
	0x38, 0x00, 0x00, 0x00, 0x15, 0x82, 0x89, 0x62,
	0xF6, 0x65, 0xAB, 0x23, 0x47, 0xBC, 0x4D, 0x21,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x98, 0x00, 0x98, 0x00, 0x4E, 0x00, 0x00, 0x00,
	0x06, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F,
	0x53, 0x00, 0x41, 0x00, 0x4D, 0x00, 0x42, 0x00,
	0x41, 0x00, 0x44, 0x00, 0x4F, 0x00, 0x4D, 0x00,
	0x41, 0x00, 0x49, 0x00, 0x4E, 0x00, 0x02, 0x00,
	0x16, 0x00, 0x53, 0x00, 0x41, 0x00, 0x4D, 0x00,
	0x42, 0x00, 0x41, 0x00, 0x44, 0x00, 0x4F, 0x00,
	0x4D, 0x00, 0x41, 0x00, 0x49, 0x00, 0x4E, 0x00,
	0x01, 0x00, 0x0E, 0x00, 0x4C, 0x00, 0x4F, 0x00,
	0x43, 0x00, 0x41, 0x00, 0x4C, 0x00, 0x44, 0x00,
	0x43, 0x00, 0x04, 0x00, 0x22, 0x00, 0x73, 0x00,
	0x61, 0x00, 0x6D, 0x00, 0x62, 0x00, 0x61, 0x00,
	0x2E, 0x00, 0x65, 0x00, 0x78, 0x00, 0x61, 0x00,
	0x6D, 0x00, 0x70, 0x00, 0x6C, 0x00, 0x65, 0x00,
	0x2E, 0x00, 0x63, 0x00, 0x6F, 0x00, 0x6D, 0x00,
	0x03, 0x00, 0x32, 0x00, 0x6C, 0x00, 0x6F, 0x00,
	0x63, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x64, 0x00,
	0x63, 0x00, 0x2E, 0x00, 0x73, 0x00, 0x61, 0x00,
	0x6D, 0x00, 0x62, 0x00, 0x61, 0x00, 0x2E, 0x00,
	0x65, 0x00, 0x78, 0x00, 0x61, 0x00, 0x6D, 0x00,
	0x70, 0x00, 0x6C, 0x00, 0x65, 0x00, 0x2E, 0x00,
	0x63, 0x00, 0x6F, 0x00, 0x6D, 0x00, 0x07, 0x00,
	0x08, 0x00, 0x0C, 0x40, 0xA3, 0xC3, 0x5B, 0xE0,
	0xD2, 0x01, 0x00, 0x00, 0x00, 0x00,

	/* 262: single zero byte in front of the string area */
	0x00,

	/* 263..272: "Unix" */
	0x55, 0x00, 0x6E, 0x00, 0x69, 0x00, 0x78, 0x00,
	0x00, 0x00,

	/* 273..334: "Samba 4.7.0pre1-DEVELOPERBUILD" */
	0x53, 0x00, 0x61, 0x00, 0x6D, 0x00, 0x62, 0x00,
	0x61, 0x00, 0x20, 0x00, 0x34, 0x00, 0x2E, 0x00,
	0x37, 0x00, 0x2E, 0x00, 0x30, 0x00, 0x70, 0x00,
	0x72, 0x00, 0x65, 0x00, 0x31, 0x00, 0x2D, 0x00,
	0x44, 0x00, 0x45, 0x00, 0x56, 0x00, 0x45, 0x00,
	0x4C, 0x00, 0x4F, 0x00, 0x50, 0x00, 0x45, 0x00,
	0x52, 0x00, 0x42, 0x00, 0x55, 0x00, 0x49, 0x00,
	0x4C, 0x00, 0x44, 0x00, 0x00, 0x00,

	/* 335..358: "SAMBADOMAIN" */
	0x53, 0x00, 0x41, 0x00, 0x4D, 0x00, 0x42, 0x00,
	0x41, 0x00, 0x44, 0x00, 0x4F, 0x00, 0x4D, 0x00,
	0x41, 0x00, 0x49, 0x00, 0x4E, 0x00, 0x00, 0x00
};
/*
 * Walk the string area behind the 262-byte security blob in Unicode mode.
 *
 * Each call to smb_bytes_pull_str() must succeed, yield the expected
 * string and report the expected number of consumed bytes; the cursor is
 * then advanced by that count. The last call is made with the cursor at
 * the very end of the buffer and must yield an empty string with zero
 * bytes consumed.
 *
 * The first count (0x0b) is one more than the 10 bytes that "Unix" plus
 * its terminator occupy in UTF-16 -- presumably the callee skips the zero
 * byte at offset 262 for alignment; confirm against smb_bytes_pull_str().
 */
static void test_smb_bytes_pull_str(void **state)
{
	static const struct {
		const char *text;
		size_t consumed;
	} expected[] = {
		{ "Unix", 0x0b },
		{ "Samba 4.7.0pre1-DEVELOPERBUILD", 0x3e },
		{ "SAMBADOMAIN", 0x18 },
		{ "", 0x00 },
	};
	const uint8_t *buf = smb1_session_setup_bytes;
	const size_t buf_len = sizeof(smb1_session_setup_bytes);
	const size_t blob_len = 262;
	const uint8_t *cursor = buf + blob_len;
	const bool unicode = true;
	NTSTATUS status;
	/* Shared across iterations so a call that fails to update them is noticed. */
	char *str = NULL;
	size_t ret = 0;
	size_t i;

	for (i = 0; i < sizeof(expected) / sizeof(expected[0]); i++) {
		status = smb_bytes_pull_str(NULL, &str, unicode,
					    buf, buf_len,
					    cursor, &ret);
		assert_true(NT_STATUS_IS_OK(status));
		assert_string_equal(str, expected[i].text);
		assert_int_equal(ret, expected[i].consumed);
		TALLOC_FREE(str);

		/* Step over what was just parsed. */
		cursor += ret;
	}
}
/*
 * Parse the same position in non-Unicode mode.
 *
 * The byte at offset 262 is 0x00, so the expected result is an empty
 * string with exactly one byte (the terminator) consumed.
 */
static void test_smb_bytes_pull_str_no_unicode(void **state)
{
	const uint8_t *buf = smb1_session_setup_bytes;
	const size_t buf_len = sizeof(smb1_session_setup_bytes);
	const size_t blob_len = 262;
	const uint8_t *cursor = buf + blob_len;
	const bool unicode = false;
	char *str = NULL;
	size_t ret = 0;
	NTSTATUS status;

	status = smb_bytes_pull_str(NULL, &str, unicode,
				    buf, buf_len,
				    cursor, &ret);

	assert_true(NT_STATUS_IS_OK(status));
	assert_string_equal(str, "");
	assert_int_equal(ret, 0x01);
	TALLOC_FREE(str);
}
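/*
 * Parse with the buffer start shifted by one byte.
 *
 * The buffer handed to smb_bytes_pull_str() begins at the second byte of
 * the table and the position is 261 bytes into it, i.e. still the zero
 * byte at table offset 262. The expected result is not "Unix": the bytes
 * 00 55 00 6E 00 69 00 78 are taken as the UTF-16LE code units U+5500,
 * U+6E00, U+6900 and U+7800, whose UTF-8 encoding is the string asserted
 * below, and 0x0a bytes (four code units plus terminator) are consumed.
 *
 * Because the buffer starts one byte into the table, only
 * sizeof(table) - 1 bytes are addressable from it. The declared length
 * is reduced accordingly so the callee is never told it may read one
 * byte past the end of the array.
 */
static void test_smb_bytes_pull_str_wrong_offset(void **state)
{
	NTSTATUS status;
	const uint8_t *bytes = smb1_session_setup_bytes;
	/* One byte less than the table: "bytes" is advanced by one below. */
	const size_t num_bytes = sizeof(smb1_session_setup_bytes) - 1;
	const uint8_t *p = NULL;
	size_t ret = 0;
	size_t out_security_blob_length = 261;
	bool use_unicode = true;
	char *str = NULL;

	bytes += 1;
	p = bytes;
	p += out_security_blob_length;

	status = smb_bytes_pull_str(NULL, &str, use_unicode,
				    bytes, num_bytes,
				    p, &ret);
	assert_true(NT_STATUS_IS_OK(status));

	assert_string_equal(str, "\xE5\x94\x80\xE6\xB8\x80\xE6\xA4\x80\xE7\xA0\x80");
	assert_int_equal(ret, 0x0a);
	TALLOC_FREE(str);
}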
/*
 * Exercise positions at and beyond both ends of the buffer.
 *
 * Four positions are checked, all in Unicode mode:
 *   - one byte before the buffer: NT_STATUS_INTERNAL_ERROR
 *   - exactly at the end:         success, "", 0 bytes consumed
 *   - on the last byte:           success, "", 1 byte consumed
 *   - one byte past the end:      NT_STATUS_BUFFER_TOO_SMALL
 *
 * The out-of-range pointers are built from an integer copy of the buffer
 * address instead of pointer arithmetic, because the compiler warns
 * about array subscripts outside the array bounds otherwise.
 *
 * NOTE(review): str is not inspected or freed after the two failing
 * calls; presumably the callee leaves it NULL on error -- confirm
 * against smb_bytes_pull_str().
 */
static void test_smb_bytes_pull_str_invalid_offset(void **state)
{
	const uint8_t *buf = smb1_session_setup_bytes;
	const size_t buf_len = sizeof(smb1_session_setup_bytes);
	const intptr_t buf_addr = (intptr_t)buf;
	const bool unicode = true;
	const uint8_t *pos = NULL;
	char *str = NULL;
	size_t ret = 0;
	NTSTATUS status;

	/* Warning: array subscript is below array bounds */
	pos = (const uint8_t *)(buf_addr - 1);
	status = smb_bytes_pull_str(NULL, &str, unicode,
				    buf, buf_len,
				    pos, &ret);
	assert_int_equal(NT_STATUS_V(status),
			 NT_STATUS_V(NT_STATUS_INTERNAL_ERROR));

	/* Position equal to the end of the buffer: nothing left to read. */
	pos = buf + buf_len;
	status = smb_bytes_pull_str(NULL, &str, unicode,
				    buf, buf_len,
				    pos, &ret);
	assert_true(NT_STATUS_IS_OK(status));
	assert_string_equal(str, "");
	assert_int_equal(ret, 0x00);
	TALLOC_FREE(str);

	/* Position on the final byte of the buffer. */
	pos = buf + buf_len - 1;
	status = smb_bytes_pull_str(NULL, &str, unicode,
				    buf, buf_len,
				    pos, &ret);
	assert_true(NT_STATUS_IS_OK(status));
	assert_string_equal(str, "");
	assert_int_equal(ret, 0x01);
	TALLOC_FREE(str);

	/* Warning: array subscript is above array bounds */
	pos = (const uint8_t *)(buf_addr + buf_len + 1);
	status = smb_bytes_pull_str(NULL, &str, unicode,
				    buf, buf_len,
				    pos, &ret);
	assert_int_equal(NT_STATUS_V(status),
			 NT_STATUS_V(NT_STATUS_BUFFER_TOO_SMALL));
}
/*
 * Register the four smb_bytes_pull_str() test cases as one cmocka group
 * and run them with subunit-formatted output. The value returned by
 * cmocka_run_group_tests() becomes the process exit status.
 */
int main(void)
{
	const struct CMUnitTest tests[] = {
		cmocka_unit_test(test_smb_bytes_pull_str),
		cmocka_unit_test(test_smb_bytes_pull_str_no_unicode),
		cmocka_unit_test(test_smb_bytes_pull_str_wrong_offset),
		cmocka_unit_test(test_smb_bytes_pull_str_invalid_offset),
	};
	int rc;

	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
	rc = cmocka_run_group_tests(tests, NULL, NULL);

	return rc;
}