From 3bcb122e57699362729cdd0e85b31fda1ac33744 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 9 Jul 2020 21:48:57 +0200 Subject: [PATCH 4/6] CVE-2020-14323: torture4: Add a simple test for invalid lookup_sids winbind call We can't add this test before the fix, add it to knownfail and have the fix remove the knownfail entry again. As this crashes winbind, many tests after this one will fail. Reported by Bas Alberts of the GitHub Security Lab Team as GHSL-2020-134 Bug: https://bugzilla.samba.org/show_bug.cgi?id=14436 Signed-off-by: Volker Lendecke Signed-off-by: Mikhail Novosyolov --- source4/torture/winbind/struct_based.c | 27 ++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/source4/torture/winbind/struct_based.c b/source4/torture/winbind/struct_based.c index 9745b621ca9..71f248c0d61 100644 --- a/source4/torture/winbind/struct_based.c +++ b/source4/torture/winbind/struct_based.c @@ -1110,6 +1110,29 @@ static bool torture_winbind_struct_lookup_name_sid(struct torture_context *tortu return true; } +static bool torture_winbind_struct_lookup_sids_invalid( + struct torture_context *torture) +{ + struct winbindd_request req = {0}; + struct winbindd_response rep = {0}; + bool strict = torture_setting_bool(torture, "strict mode", false); + bool ok; + + torture_comment(torture, + "Running WINBINDD_LOOKUP_SIDS (struct based)\n"); + + ok = true; + DO_STRUCT_REQ_REP_EXT(WINBINDD_LOOKUPSIDS, &req, &rep, + NSS_STATUS_NOTFOUND, + strict, + ok=false, + talloc_asprintf( + torture, + "invalid lookupsids succeeded")); + + return ok; +} + struct torture_suite *torture_winbind_struct_init(TALLOC_CTX *ctx) { struct torture_suite *suite = torture_suite_create(ctx, "struct"); @@ -1132,6 +1155,10 @@ struct torture_suite *torture_winbind_struct_init(TALLOC_CTX *ctx) torture_suite_add_simple_test(suite, "getpwent", torture_winbind_struct_getpwent); torture_suite_add_simple_test(suite, "endpwent", torture_winbind_struct_endpwent); torture_suite_add_simple_test(suite, "lookup_name_sid", torture_winbind_struct_lookup_name_sid); + torture_suite_add_simple_test( + suite, + "lookup_sids_invalid", + torture_winbind_struct_lookup_sids_invalid); suite->description = talloc_strdup(suite, "WINBIND - struct based protocol tests"); -- 2.25.1