svn commit: samba r2948 - in branches/SAMBA_4_0/source: build/pidl librpc/ndr

[tridge at samba.org]

Author: tridge
Date: 2004-10-13 12:55:10 +0000 (Wed, 13 Oct 2004)
New Revision: 2948

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_4_0/source&rev=2948&nolog=1

Log:
added support for the [range(low,high)] attribute in pidl. This allows
range checking of any integer value, to help protect against denial of
service attacks (which could otherwise cause large memory allocations)



Modified:
   branches/SAMBA_4_0/source/build/pidl/parser.pm
   branches/SAMBA_4_0/source/librpc/ndr/libndr.h


Changeset:
Modified: branches/SAMBA_4_0/source/build/pidl/parser.pm
===================================================================
--- branches/SAMBA_4_0/source/build/pidl/parser.pm	2004-10-13 12:31:37 UTC (rev 2947)
+++ branches/SAMBA_4_0/source/build/pidl/parser.pm	2004-10-13 12:55:10 UTC (rev 2948)
@@ -547,6 +547,11 @@
 	} else {
 		pidl "\tNDR_CHECK(ndr_pull_$e->{TYPE}(ndr, $ndr_flags, $cprefix$var_prefix$e->{NAME}));\n";
 	}
+	if (my $range = util::has_property($e, "range")) {
+		my ($low, $high) = split(/ /, $range, 2);
+		pidl "\tif ($var_prefix$e->{NAME} < $low || $var_prefix$e->{NAME} > $high) {\n";
+		pidl "\t\treturn ndr_pull_error(ndr, NDR_ERR_RANGE, \"value out of range\");\n\t}\n";
+	}
 
 	end_flags($e);
 }

Modified: branches/SAMBA_4_0/source/librpc/ndr/libndr.h
===================================================================
--- branches/SAMBA_4_0/source/librpc/ndr/libndr.h	2004-10-13 12:31:37 UTC (rev 2947)
+++ branches/SAMBA_4_0/source/librpc/ndr/libndr.h	2004-10-13 12:55:10 UTC (rev 2948)
@@ -141,7 +141,8 @@
 	NDR_ERR_STRING,
 	NDR_ERR_VALIDATE,
 	NDR_ERR_BUFSIZE,
-	NDR_ERR_ALLOC
+	NDR_ERR_ALLOC,
+	NDR_ERR_RANGE
 };
 
 /*