Skip to content

fix: FuzzParseDN causing OOMs in restricted environments#466

Merged
cpuschma merged 1 commit intogo-ldap:masterfrom
cpuschma:fix_fuzzing_oom
Sep 15, 2023
Merged

fix: FuzzParseDN causing OOMs in restricted environments#466
cpuschma merged 1 commit intogo-ldap:masterfrom
cpuschma:fix_fuzzing_oom

Conversation

@cpuschma
Copy link
Member

@cpuschma cpuschma commented Sep 15, 2023

See the discussion in #460. The fuzzing might crash in certain environments because of the high ber.MaxPacketLengthBytes size of 2147483647 bytes (2.1 GB).

This change limits the maximum ASN1 BER packet size to 65KB, which should be sufficient for the fuzzer. We'll look into providing custom encoders/decoders to allow setting a limit without breaking things globally, as the configuration is package-wide.

Additionally, the fuzz_test.go file was missing in the v3 directory. This slipped through in the initial PR

@cpuschma
Limit maximum BER packet length in FuzzParseDN to 65536 bytes
390960c 
Parallel and large amount of fuzzing data can create large amounts of allocated data and cause restricted fuzzing environments to crash (see #460)
@cpuschma cpuschma added the bug label Sep 15, 2023
@0x34d
Copy link
Contributor

0x34d commented Sep 15, 2023
edited
Loading

Bug : v3/fuzz_test.go in this you need to change the names.

To: FuzzParseDNv3, FuzzDecodeEscapedSymbolsv3, FuzzEscapeDNv3.

also in fuzz_test.go To: FuzzParseDNv0, FuzzDecodeEscapedSymbolsv0, FuzzEscapeDNv0.

And then in build.sh need to be updated.

@0x34d
Copy link
Contributor

0x34d commented Sep 15, 2023

google/oss-fuzz#10969

@cpuschma
Copy link
Member Author

cpuschma commented Sep 15, 2023
edited
Loading

Oh you already opened the PR, alright. Thank you! I was about to remove the mirroring and separate this into a new PR, since the v3 and root directory are out of sync anyways.

@TomSellers
Copy link
Contributor

TomSellers commented Sep 15, 2023
edited
Loading

Odd, so with the current code, the following works
go test -v -fuzz ^'FuzzParseDNv0$' .

But this returns testing: warning: no fuzz tests to fuzz
go test -v -fuzz '^FuzzParseDNv3$' .

Is this module related?

EDIT: Ah, so if I cd into v3 and run the fuzzer it works.

@TomSellers
Copy link
Contributor

TomSellers commented Sep 15, 2023
edited
Loading

Note, after the changes the following had reasonable memory consumption (< 2 GB combined) when fuzzing across 10 cores.

go test -v -fuzz ^'FuzzParseDNv0$' .

(cd v3 && go test -v -fuzz '^FuzzParseDNv3$' .)

@cpuschma
Copy link
Member Author

cpuschma commented Sep 15, 2023

v3 was created back when Go Modules weren't a thing. Since then, both the root and v3 directory have been mostly in sync to not break any backwards compatibility. Imo, this is obsolete, since the oldest version we support is Go 1.14 anyways, which already had Go Module integrated.

To get things moving: I'll remove the part where I mirrored the fuzz_test.go into v3 so that the CI runs successfully. As noted in another PR to John Weldon, both directories are out of sync and as mentioned, maybe it's time to remove this duplicate (version older than Go 1.14 won't compile anyway due to a missing dependency).

@0x34d
Copy link
Contributor

0x34d commented Sep 15, 2023

EDIT: Ah, so if I cd into v3 and run the fuzzer it works.

v3 is a different module, so you have to pushd and popd.

@0x34d 0x34d mentioned this pull request Sep 15, 2023
Closed
@cpuschma cpuschma merged commit 80095a3 into go-ldap:master Sep 15, 2023
@cpuschma cpuschma mentioned this pull request Sep 15, 2023
Closed
@cpuschma cpuschma deleted the fix_fuzzing_oom branch September 16, 2023 11:52
@cpuschma cpuschma mentioned this pull request Apr 1, 2024
Merged
cpuschma added a commit to cpuschma/ldap that referenced this pull request Apr 1, 2024
@cpuschma
Revert "fix: Limit maximum BER packet length in FuzzParseDN to 6553…
084aa8b 
…6 bytes (go-ldap#466)"

This reverts commit 80095a3
cpuschma added a commit that referenced this pull request Apr 1, 2024
@cpuschma
Revert "fix: Limit maximum BER packet length in FuzzParseDN to 6553… (
191cca8 
#500)

* Revert "fix: Limit maximum BER packet length in `FuzzParseDN` to 65536 bytes (#466)"

This reverts commit 80095a3

* Fix index out of range crash
gustavoluvizotto pushed a commit to gustavoluvizotto/ldap-fork that referenced this pull request Apr 11, 2024
@cpuschma @gustavoluvizotto
fix: Limit maximum BER packet length in FuzzParseDN to 65536 bytes (g…
169c1c9 
…o-ldap#466)

Parallel and large amount of fuzzing data can create large amounts of allocated data and cause restricted fuzzing environments to crash (see go-ldap#460)
gustavoluvizotto pushed a commit to gustavoluvizotto/ldap-fork that referenced this pull request Apr 11, 2024
@cpuschma @gustavoluvizotto
Revert "fix: Limit maximum BER packet length in FuzzParseDN to 6553… (
cbf5d2c 
go-ldap#500)

* Revert "fix: Limit maximum BER packet length in `FuzzParseDN` to 65536 bytes (go-ldap#466)"

This reverts commit 80095a3

* Fix index out of range crash
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cpuschma @0x34d @TomSellers