RE: ksmbd testing progress - buildbot run passed

> 
> Hi,
Hi Aurélien,

> 
> I have started a small project to test ksmbd by fuzzing.
Really great work! We can add this to the buildbot test of ksmbd.

> 
> It's based on an existing project called Fuzzotron and it's not finished yet. I have taken code from
> libsmb2 and other places to set up a valid connection (negprot, sess setup, tcon) before the fuzzing
> starts. The code is very messy, not clean at all (all SMB2 logic is in callback.c).
> 
> https://protect2.fireeye.com/v1/url?k=d034d6f7-8fafefb8-d0355db8-0cc47a30d446-
> a31c437df7256da6&q=1&e=2ad65418-4da5-4fd7-85e8-
> 61c1b0dea5c7&u=https%3A%2F%2Fgithub.com%2Faaptel%2Ffuzzotron
> 
> I haven't had time to finish it, TCON creation fails with ACCESS_DENIED, I haven't figured out why
> yet :(
Okay, I will join this project after ksmbd upstream is completed.

> 
> Maybe there's a better project to fuzz network servers, I've just used fuzzotron because the code
> looked simple enough. The callback.c has all the required code so it should be relatively easy to move
> to another fuzzer.
Let me check it.
> 
> I think it would be very useful to run this on ksmbd, because:
> 
> - the stakes of security issues in that code are very high.
> - it would make people trust ksmbd code a lot more if it passes this.
Agreed.

> 
> Quick how to if you want to give it a try:
> * get radamsa https://gitlab.com/akihe/radamsa and compile it, put it in $PATH
> * make a test folder to be used for test input samples (valid SMB2 packets)
> - dd if=/dev/urandom of=test/sample1 bs=1K count=1 (simple invalid test)
> * make a script to test if server crashed, for example:
> - echo 'ping -c1 192.168.2.110' > check.sh
> * run
> ./fuzzotron --radamsa --directory $PWD/test -h 192.168.2.110 -p 445 -P tcp -z "$PWD/check.sh" -o output
> 
> Unfortunately it fails because of bad TCON creation right now, as I said earlier... I need to find
> some time to find the issue.
Okay, we are focusing on ksmbd upstream now; only once it is completed will we be able to work together.
It is really necessary for ksmbd, and thank you for sharing your work!

> 
> Cheers,
> --
> Aurélien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3 SUSE Software Solutions Germany GmbH,
> Maxfeldstr. 5, 90409 Nürnberg, DE
> GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
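
For the "valid SMB2 packets" step of the quoted how-to, here is a sketch that builds one well-formed seed and classifies what is in the test folder. It is an added example, not taken from the mail or from fuzzotron. The function names are hypothetical, the field layout follows MS-SMB2, and whether fuzzotron samples should carry the direct-TCP length prefix is an assumption to check against callback.c.

```python
import struct
import uuid

# 64-byte SMB2 sync header, little-endian (MS-SMB2 section 2.2.1).
SMB2_HEADER = struct.Struct("<4sHHIHHIIQIIQ16s")
SMB2_MAGIC = b"\xfeSMB"
COMMANDS = ("NEGOTIATE", "SESSION_SETUP", "LOGOFF", "TREE_CONNECT",
            "TREE_DISCONNECT", "CREATE", "CLOSE", "FLUSH", "READ", "WRITE",
            "LOCK", "IOCTL", "CANCEL", "ECHO", "QUERY_DIRECTORY",
            "CHANGE_NOTIFY", "QUERY_INFO", "SET_INFO", "OPLOCK_BREAK")


def build_negotiate(dialects=(0x0202, 0x0210, 0x0300, 0x0302)):
    """Constructed SMB2 NEGOTIATE request: header + body, no transport prefix."""
    header = SMB2_HEADER.pack(
        SMB2_MAGIC, 64,   # ProtocolId, StructureSize
        0, 0,             # CreditCharge, Status
        0, 1,             # Command (NEGOTIATE), CreditRequest
        0, 0,             # Flags, NextCommand
        0, 0, 0, 0,       # MessageId, Reserved, TreeId, SessionId
        bytes(16))        # Signature (unsigned request)
    body = struct.pack(
        "<HHHHI16sQ",
        36, len(dialects),    # StructureSize, DialectCount
        0x0001, 0,            # SecurityMode (signing enabled), Reserved
        0,                    # Capabilities
        uuid.uuid4().bytes,   # ClientGuid
        0)                    # ClientStartTime
    return header + body + struct.pack(f"<{len(dialects)}H", *dialects)


def frame(pdu):
    """Prepend the direct-TCP (port 445) prefix: zero byte + 24-bit length."""
    if len(pdu) >= 1 << 24:
        raise ValueError("PDU too large for a 24-bit length field")
    return struct.pack(">I", len(pdu)) + pdu


def classify_sample(data):
    """Return the SMB2 command name if data starts with a sane header, else None."""
    if len(data) < SMB2_HEADER.size:
        return None
    fields = SMB2_HEADER.unpack_from(data)
    magic, size, command = fields[0], fields[1], fields[4]
    if magic != SMB2_MAGIC or size != 64 or command >= len(COMMANDS):
        return None
    return COMMANDS[command]
```

Running `classify_sample` over each file in the test folder separates structured seeds from the random `dd` sample, which matters because a mutation fuzzer such as radamsa reaches deeper parsing code when it starts from inputs the server accepts.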