svn commit: samba r9347 - in branches/SAMBA_4_0/source:
build/pidl/Parse/Pidl/Samba/NDR librpc/ndr
tridge at samba.org
Wed Aug 17 03:30:46 GMT 2005
Author: tridge
Date: 2005-08-17 03:30:45 +0000 (Wed, 17 Aug 2005)
New Revision: 9347
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9347
Log:
this array bounds checking is harder than it looks ...
this copes with 2 more situations:
1) where the array is NULL, which would previously be coped with by an
if (ptr) check, but now in the deferred array bounds checking needs
to look at the array variable in the ndr code. Not nice.
2) nest the array checking along with the SCALARS vs BUFFERS checks, ensuring we don't
do array bounds checking for a buffer when in scalars only mode
Modified:
branches/SAMBA_4_0/source/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
branches/SAMBA_4_0/source/librpc/ndr/ndr.c
Changeset:
Modified: branches/SAMBA_4_0/source/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
===================================================================
--- branches/SAMBA_4_0/source/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm 2005-08-17 02:56:39 UTC (rev 9346)
+++ branches/SAMBA_4_0/source/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm 2005-08-17 03:30:45 UTC (rev 9347)
@@ -1330,6 +1330,8 @@
ParseElementPull($e, "ndr", "r->", $env, 1, 0);
}
+ add_deferred();
+
deindent;
pidl "}";
pidl "if (ndr_flags & NDR_BUFFERS) {";
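Review bot: the new add_deferred() call at the end of the scalars block has no comment saying why it must sit before deindent, and with a second call now in the buffers block it matters whether add_deferred() clears the deferred list once it has emitted it. If it does not, the checks queued during the scalars pass would be emitted again inside the NDR_BUFFERS block. Please confirm that behaviour and add a one-line comment here stating that the deferred checks belong to the NDR_SCALARS pass only.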
@@ -1343,11 +1345,11 @@
ParseElementPull($e, "ndr", "r->", $env, 0, 1);
}
+ add_deferred();
+
deindent;
pidl "}";
- add_deferred();
-
end_flags($struct);
# restore the old relative_base_offset
pidl "ndr_pull_restore_relative_base_offset(ndr, _save_relative_base_offset);" if defined($struct->{PROPERTIES}{relative_base});
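Review bot: moving add_deferred() ahead of deindent and pidl "}" is only explained in the commit log, not in Parser.pm, so the next person to touch this function could easily move it back below the closing brace. A short comment above the call, saying that the array checks for buffers must be generated inside the if (ndr_flags & NDR_BUFFERS) block so that a scalars-only pull never checks an array it has not pulled, would protect the ordering.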
Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr.c
===================================================================
--- branches/SAMBA_4_0/source/librpc/ndr/ndr.c 2005-08-17 02:56:39 UTC (rev 9346)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr.c 2005-08-17 03:30:45 UTC (rev 9347)
@@ -493,6 +493,10 @@
NTSTATUS ndr_check_array_size(struct ndr_pull *ndr, void *p, uint32_t size)
{
uint32_t stored;
+ /* a NULL array is OK */
+ if (*(void **)p == NULL) {
+ return NT_STATUS_OK;
+ }
stored = ndr_token_peek(&ndr->array_size_list, p);
if (stored != size) {
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
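Review bot: the added test *(void **)p == NULL dereferences p as a pointer to a pointer, while the signature still takes a plain void *p and the next line uses p itself as the token key. That only holds if every generated caller passes the address of the array pointer variable; for a caller that passes the array storage itself, the cast would read the first bytes of the data as a pointer. The comment "a NULL array is OK" should state that p is the address of the array variable, or the parameter could be typed to make the contract visible.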
@@ -531,6 +535,10 @@
NTSTATUS ndr_check_array_length(struct ndr_pull *ndr, void *p, uint32_t length)
{
uint32_t stored;
+ /* a NULL array is OK */
+ if (*(void **)p == NULL) {
+ return NT_STATUS_OK;
+ }
stored = ndr_token_peek(&ndr->array_length_list, p);
if (stored != length) {
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
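Review bot: the early return in ndr_check_array_length() hands back NT_STATUS_OK without looking at length, so a NULL array paired with a non-zero length now passes this check unexamined. If that combination is legitimate on the wire it deserves a sentence in the comment; if not, the NULL case should only be accepted when the stored or supplied length is zero. The same four lines are also duplicated from ndr_check_array_size(), so a small shared helper would keep the two checks from drifting apart.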