diff options
Diffstat (limited to 'lib/fuzzing/fuzz_ldb_dn_explode.c')
-rw-r--r-- | lib/fuzzing/fuzz_ldb_dn_explode.c | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/lib/fuzzing/fuzz_ldb_dn_explode.c b/lib/fuzzing/fuzz_ldb_dn_explode.c new file mode 100644 index 0000000..0e1560e --- /dev/null +++ b/lib/fuzzing/fuzz_ldb_dn_explode.c @@ -0,0 +1,53 @@ +/* + Fuzzing ldb_dn_explode + Copyright (C) Catalyst IT 2020 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ +#include "includes.h" +#include "fuzzing/fuzzing.h" +#include "ldb.h" + + +#define MAX_LENGTH (2 * 1024 * 1024 - 1) +char buf[MAX_LENGTH + 1] = {0}; + +int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len) +{ + struct ldb_dn *dn = NULL; + struct ldb_context *ldb = ldb_init(NULL, NULL); + if (ldb == NULL) { + return 0; + } + /* + * We copy the buffer in order to NUL-terminate, because running off + * the end of the string would be an uninteresting crash. + */ + if (len > MAX_LENGTH) { + len = MAX_LENGTH; + } + memcpy(buf, input, len); + buf[len] = 0; + + dn = ldb_dn_new(ldb, ldb, buf); + ldb_dn_validate(dn); + TALLOC_FREE(ldb); + return 0; +} + + +int LLVMFuzzerInitialize(int *argc, char ***argv) +{ + return 0; +} |