svn commit: samba r2948 - in branches/SAMBA_4_0/source: build/pidl
librpc/ndr
tridge at samba.org
tridge at samba.org
Wed Oct 13 12:55:11 GMT 2004
Author: tridge
Date: 2004-10-13 12:55:10 +0000 (Wed, 13 Oct 2004)
New Revision: 2948
WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_4_0/source&rev=2948&nolog=1
Log:
added support for the [range(low,high)] attribute in pidl. This allows
range checking of any integer value, to help protect against denial of
service attacks (which could otherwise cause large memory allocations)
Modified:
branches/SAMBA_4_0/source/build/pidl/parser.pm
branches/SAMBA_4_0/source/librpc/ndr/libndr.h
Changeset:
Modified: branches/SAMBA_4_0/source/build/pidl/parser.pm
===================================================================
--- branches/SAMBA_4_0/source/build/pidl/parser.pm 2004-10-13 12:31:37 UTC (rev 2947)
+++ branches/SAMBA_4_0/source/build/pidl/parser.pm 2004-10-13 12:55:10 UTC (rev 2948)
@@ -547,6 +547,11 @@
} else {
pidl "\tNDR_CHECK(ndr_pull_$e->{TYPE}(ndr, $ndr_flags, $cprefix$var_prefix$e->{NAME}));\n";
}
+ if (my $range = util::has_property($e, "range")) {
+ my ($low, $high) = split(/ /, $range, 2);
+ pidl "\tif ($var_prefix$e->{NAME} < $low || $var_prefix$e->{NAME} > $high) {\n";
+ pidl "\t\treturn ndr_pull_error(ndr, NDR_ERR_RANGE, \"value out of range\");\n\t}\n";
+ }
end_flags($e);
}
Modified: branches/SAMBA_4_0/source/librpc/ndr/libndr.h
===================================================================
--- branches/SAMBA_4_0/source/librpc/ndr/libndr.h 2004-10-13 12:31:37 UTC (rev 2947)
+++ branches/SAMBA_4_0/source/librpc/ndr/libndr.h 2004-10-13 12:55:10 UTC (rev 2948)
@@ -141,7 +141,8 @@
NDR_ERR_STRING,
NDR_ERR_VALIDATE,
NDR_ERR_BUFSIZE,
- NDR_ERR_ALLOC
+ NDR_ERR_ALLOC,
+ NDR_ERR_RANGE
};
/*
More information about the samba-cvs
mailing list