From: "Aurélien Aptel" <aaptel@suse.com>
To: Steve French <smfrench@gmail.com>,
	CIFS <linux-cifs@vger.kernel.org>,
	linux-cifsd-devel@lists.sourceforge.net
Cc: Namjae Jeon <namjae.jeon@samsung.com>
Subject: Re: ksmbd testing progress - buildbot run passed
Date: Wed, 21 Apr 2021 19:51:01 +0200	[thread overview]
Message-ID: <875z0fzfui.fsf@suse.com> (raw)
In-Reply-To: <CAH2r5mse7yH8VxL4x3bRz1qe2K1p69mo6ApMZzQH_v8ZLpy6kA@mail.gmail.com>

Hi,

I have started a small project to test ksmbd by fuzzing.

It's based on an existing project called Fuzzotron and it's not finished
yet. I have taken code from libsmb2 and other places to set up a valid
connection (negprot, sess setup, tcon) before the fuzzing starts. The
code is very messy, not clean at all (all SMB2 logic is in callback.c).

https://github.com/aaptel/fuzzotron

I haven't had time to finish it, TCON creation fails with ACCESS_DENIED,
I haven't figured out why yet :(

Maybe there's a better project to fuzz network servers; I've just used
fuzzotron because the code looked simple enough. The callback.c has all
the required code, so it should be relatively easy to move to another
fuzzer.

I think it would be very useful to run this on ksmbd, because:

- the stakes of security issues in that code are very high.
- it would make people trust ksmbd code a lot more if it passes this.

Quick how-to if you want to give it a try:
* get radamsa https://gitlab.com/akihe/radamsa and compile it, put it in $PATH
* make a test folder to be used for test input samples (valid SMB2 packets)
- dd if=/dev/urandom of=test/sample1 bs=1K count=1 (simple invalid test)
* make a script to test if server crashed, for example:
- echo 'ping -c1 192.168.2.110' > check.sh
* run
./fuzzotron --radamsa --directory $PWD/test -h 192.168.2.110 -p 445 -P tcp -z "$PWD/check.sh" -o output

Unfortunately it fails because of bad TCON creation right now, as I said
earlier... I need to find some time to find the issue.

Cheers,
-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
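An added example for the seed-corpus step of the how-to above (not Aurélien's fuzzotron code): the urandom sample is rejected by the NetBIOS/SMB2 framing checks before any command parsing happens, so a seed that is a well-formed SMB2 NEGOTIATE request gives radamsa something the server will actually parse deeper. The `test` directory and the file name `negotiate.bin` are assumptions chosen to match the how-to; the field layout follows MS-SMB2 (header 2.2.1.2, NEGOTIATE 2.2.3).

```python
import struct
import uuid
from pathlib import Path
SMB2_NEGOTIATE = 0x0000                           # Command value of NEGOTIATE
SMB2_DIALECTS = (0x0202, 0x0210, 0x0300, 0x0302)  # 2.0.2, 2.1, 3.0, 3.0.2

def smb2_header(command, message_id=0):
    """64-byte SMB2 header (MS-SMB2 2.2.1.2): no session, no tree, unsigned."""
    return struct.pack("<4sHHIHHIIQIIQ16s",
                       b"\xfeSMB", 64, 0, 0,   # ProtocolId, StructureSize, CreditCharge, Status
                       command, 1, 0, 0,       # Command, CreditRequest, Flags, NextCommand
                       message_id, 0, 0, 0,    # MessageId, Reserved, TreeId, SessionId
                       b"\x00" * 16)           # Signature (all zero: request is not signed)

def smb2_negotiate_request(dialects=SMB2_DIALECTS):
    """NEGOTIATE body (MS-SMB2 2.2.3); no negotiate contexts, so 3.1.1 is deliberately not offered."""
    fixed = struct.pack("<HHHHI16sQ",
                        36, len(dialects),       # StructureSize (fixed part), DialectCount
                        0x0001, 0, 0,            # SecurityMode (signing enabled), Reserved, Capabilities
                        uuid.uuid4().bytes, 0)   # ClientGuid, ClientStartTime
    return fixed + struct.pack("<%dH" % len(dialects), *dialects)

def netbios_frame(msg):
    """Direct-TCP (port 445) framing: 0x00 type byte + 24-bit big-endian length."""
    if len(msg) >= 1 << 24:
        raise ValueError("message too long for NetBIOS session header")
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def parse_smb2_header(packet):
    """Check a sample the way a server would; returns (command, message_id, body) or raises ValueError."""
    if len(packet) < 4 or packet[0] != 0:
        raise ValueError("bad NetBIOS session header")
    length = int.from_bytes(packet[1:4], "big")
    msg = packet[4:]
    if len(msg) != length or len(msg) < 64 or msg[:4] != b"\xfeSMB":
        raise ValueError("not a well-formed SMB2 message")
    fields = struct.unpack_from("<4sHHIHHIIQIIQ16s", msg)
    return fields[4], fields[8], msg[64:]

def write_seed(directory, name, packet):
    """Write one seed into the sample directory handed to fuzzotron --directory (assumed layout)."""
    path = Path(directory) / name
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(packet)
    return path

if __name__ == "__main__":
    seed = netbios_frame(smb2_header(SMB2_NEGOTIATE) + smb2_negotiate_request())
    parse_smb2_header(seed)  # sanity check: a seed the fuzzer mutates should itself parse
    print(write_seed("test", "negotiate.bin", seed), len(seed), "bytes")
```

The same parser doubles as a quick filter for the output directory: a mutated sample that still passes it reached the command-level code, which is where the interesting crashes live.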
