svn commit: samba r9347 - in branches/SAMBA_4_0/source: build/pidl/Parse/Pidl/Samba/NDR librpc/ndr

tridge at samba.org tridge at samba.org
Wed Aug 17 03:30:46 GMT 2005


Author: tridge
Date: 2005-08-17 03:30:45 +0000 (Wed, 17 Aug 2005)
New Revision: 9347

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9347

Log:

this array bounds checking is harder than it looks ...

this copes with 2 more situations:

1) where the array is NULL, which would previously be coped with by an
   if (ptr) check, but now in the deferred array bounds checking needs
   to look at the array variable in the ndr code. Not nice.

2) nest the array checking along with the SCALARS vs BUFFERS checks, ensuring we don't
   do array bounds checking for a buffer when in scalars only mode


Modified:
   branches/SAMBA_4_0/source/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
   branches/SAMBA_4_0/source/librpc/ndr/ndr.c


Changeset:
Modified: branches/SAMBA_4_0/source/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
===================================================================
--- branches/SAMBA_4_0/source/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm	2005-08-17 02:56:39 UTC (rev 9346)
+++ branches/SAMBA_4_0/source/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm	2005-08-17 03:30:45 UTC (rev 9347)
@@ -1330,6 +1330,8 @@
 		ParseElementPull($e, "ndr", "r->", $env, 1, 0);
 	}	
 
+	add_deferred();
+
 	deindent;
 	pidl "}";
 	pidl "if (ndr_flags & NDR_BUFFERS) {";
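Review bot: the add_deferred() call added at the end of the NDR_SCALARS block has no comment saying why the deferred checks have to be emitted before the closing brace. Since a second call is added in the NDR_BUFFERS block, it also matters whether add_deferred() empties its queue once it has emitted; if it does not, checks queued during the scalars pass would be emitted again inside the buffers block. Please confirm that and add a one-line comment above the call stating that the deferred array checks are flushed per block.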
@@ -1343,11 +1345,11 @@
 		ParseElementPull($e, "ndr", "r->", $env, 0, 1);
 	}
 
+	add_deferred();
+
 	deindent;
 	pidl "}";
 
-	add_deferred();
-
 	end_flags($struct);
 	# restore the old relative_base_offset
 	pidl "ndr_pull_restore_relative_base_offset(ndr, _save_relative_base_offset);" if defined($struct->{PROPERTIES}{relative_base});
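Review bot: with the trailing add_deferred() removed from after the closing brace, any check deferred outside the two ndr_flags blocks is no longer emitted by this function. Please confirm that the ParseElementPull calls inside the two blocks are the only producers of deferred checks here, so nothing can be left queued when end_flags($struct) runs. A short comment next to the moved call explaining that it must sit inside the NDR_BUFFERS block would keep a later cleanup from hoisting it back out.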

Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr.c
===================================================================
--- branches/SAMBA_4_0/source/librpc/ndr/ndr.c	2005-08-17 02:56:39 UTC (rev 9346)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr.c	2005-08-17 03:30:45 UTC (rev 9347)
@@ -493,6 +493,10 @@
 NTSTATUS ndr_check_array_size(struct ndr_pull *ndr, void *p, uint32_t size)
 {
 	uint32_t stored;
+	/* a NULL array is OK */
+	if (*(void **)p == NULL) {
+		return NT_STATUS_OK;
+	}
 	stored = ndr_token_peek(&ndr->array_size_list, p);
 	if (stored != size) {
 		return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, 
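Review bot: the early return in ndr_check_array_size() skips the comparison for every value of size, so a NULL array paired with a non-zero size now passes as NT_STATUS_OK. If the size expression can come from wire data, callers must not treat a successful check as proof that size elements are present. Either extend the comment ("a NULL array is OK") to state that the caller is responsible for the NULL case, or only take the shortcut when that is known to be safe for the callers the generator emits.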
@@ -531,6 +535,10 @@
 NTSTATUS ndr_check_array_length(struct ndr_pull *ndr, void *p, uint32_t length)
 {
 	uint32_t stored;
+	/* a NULL array is OK */
+	if (*(void **)p == NULL) {
+		return NT_STATUS_OK;
+	}
 	stored = ndr_token_peek(&ndr->array_length_list, p);
 	if (stored != length) {
 		return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, 
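Review bot: in ndr_check_array_length() the new test reads *(void **)p, but p is declared as void * and is also used unchanged as the key for ndr_token_peek(), so the function now depends on every caller passing the address of the array pointer rather than the array itself, and on p being non-NULL. That contract is not written down anywhere in the visible code; please document it at the function header or change the parameter type so the compiler can help. The same four lines are duplicated from ndr_check_array_size(), so a small shared helper would keep the two checks from drifting apart.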


