Hi, I have started a small project to test ksmbd by fuzzing. It's based on an existing project called Fuzzotron and it's not finished yet. I have taken code from libsmb2 and other places to setup a valid connection (negprot, sess setup, tcon) before the fuzzing starts. The code is very messy, not clean at all (all SMB2 logic is in callback.c) https://github.com/aaptel/fuzzotron I haven't had time to finish it, TCON creation fails with ACCESS_DENIED, I haven't figured out why yet :( Maybe there's a better project to fuzz network servers, I've just used fuzzotron because the code looked simple enough. The callback.c has all the required code so it should be relatively easy to move to another fuzzer. I think it would be very useful to run this on ksmbd, because: - the stakes of security issues in that code are very high. - it would make people trust ksmbd code a lot more if it passes this. Quick how to if you want to give it a try: * get radamsa https://gitlab.com/akihe/radamsa and compile it, put it in $PATH * make a test folder to be used for test input samples (valid SMB2 packets) - dd if=/dev/urandom of=test/sample1 bs=1K count=1 (simple invalid test) * make a script to test if server crashed, for example: - echo 'ping -c1 192.168.2.110' > check.sh * run ./fuzzotron --radamsa --directory $PWD/test -h 192.168.2.110 -p 445 -P tcp -z "$PWD/check.sh" -o output Unfortunately it fails because of bad TCON creation right now, as I said earlier... I need to find some time to find the issue. Cheers, -- Aurélien Aptel / SUSE Labs Samba Team GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
