File: 20_test_CVE-2019-17455.patch

package info (click to toggle)
libntlm 1.5-1%2Bdeb10u1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 3,016 kB
  • sloc: ansic: 8,076; sh: 4,945; makefile: 25
file content (90 lines) | stat: -rw-r--r-- 2,824 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
 
From aa975994cf9cf39c33ce33a1b2988277c456dec1 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Sun, 19 Apr 2020 09:44:17 +0200
Subject: [PATCH] Add regression check for CVE-2019-17455 overflow.

---
 Makefile.am           |  2 +-
 test_CVE-2019-17455.c | 61 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 test_CVE-2019-17455.c

Index: libntlm-1.5/Makefile.am
===================================================================
--- libntlm-1.5.orig/Makefile.am
+++ libntlm-1.5/Makefile.am
@@ -45,7 +45,7 @@ libntlm_la_LIBADD = libntlm_impl.la gl/l
 
 # test
 
-TESTS = test_ntlm
+TESTS = test_ntlm test_CVE-2019-17455
 check_PROGRAMS = $(TESTS)
 LDADD = libntlm_impl.la gl/libgnu.la
 CLEANFILES = test.out
Index: libntlm-1.5/test_CVE-2019-17455.c
===================================================================
--- /dev/null
+++ libntlm-1.5/test_CVE-2019-17455.c
@@ -0,0 +1,61 @@
+/* test_overflow.c --- Test for CVE-2019-17455 overflow bug for libntlm.
+ * Copyright (C) 2020 Simon Josefsson
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ */
+
+#include <config.h>
+
+#include <string.h>
+#include <stdio.h>
+
+#include "ntlm.h"
+
+int
+main (void)
+{
+  char u[1024];
+  char d[1024];
+  char buf[sizeof (tSmbNtlmAuthRequest) + 5];
+  tSmbNtlmAuthRequest *request = (void*) &buf;
+  size_t i;
+
+  memset (u, '1', 1024);
+  memset (d, '2', 1024);
+  u[1023] = '\0';
+  d[1023] = '\0';
+
+  memset (buf, '3', sizeof (buf));
+
+  printf ("Before call:\n");
+  for (i = sizeof (tSmbNtlmAuthRequest) - 5; i < sizeof (buf); i++)
+    printf ("str[end + %d] = %02x\n",
+	    (int) (i - sizeof (tSmbNtlmAuthRequest)), (unsigned int) buf[i]);
+
+  buildSmbNtlmAuthRequest (request, u, d);
+
+  printf ("After call:\n");
+  for (i = sizeof (tSmbNtlmAuthRequest) - 5; i < sizeof (buf); i++)
+    printf ("str[end + %d] = %02x\n",
+	    (int) (i - sizeof (tSmbNtlmAuthRequest)), (unsigned int) buf[i]);
+
+  for (i = sizeof (tSmbNtlmAuthRequest); i < sizeof (buf); i++)
+    if (buf[i] != '3')
+      return 1;
+
+  return 0;
+}