svn commit: samba r11141 - in branches/SAMBA_4_0/source: librpc/ndr pidl/lib/Parse/Pidl/Samba/NDR

jelmer at samba.org jelmer at samba.org
Tue Oct 18 14:12:34 GMT 2005


Author: jelmer
Date: 2005-10-18 14:12:33 +0000 (Tue, 18 Oct 2005)
New Revision: 11141

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11141

Log:
Re-add paranoid string terminator check

Modified:
   branches/SAMBA_4_0/source/librpc/ndr/ndr_string.c
   branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba/NDR/Parser.pm


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_string.c
===================================================================
--- branches/SAMBA_4_0/source/librpc/ndr/ndr_string.c	2005-10-18 13:52:46 UTC (rev 11140)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr_string.c	2005-10-18 14:12:33 UTC (rev 11141)
@@ -612,21 +612,24 @@
 	return i+1;
 }
 
-NTSTATUS ndr_check_string_terminator(struct ndr_pull *ndr, const void *_var, uint32_t count, uint32_t element_size)
+NTSTATUS ndr_check_string_terminator(struct ndr_pull *ndr, uint32_t count, uint32_t element_size)
 {
-	const char *var = _var;
 	uint32_t i;
+	struct ndr_pull_save save_offset;
 
-	var += element_size*(count-1);
+	ndr_pull_save(ndr, &save_offset);
+	ndr_pull_advance(ndr, (count - 1) * element_size);
+	NDR_PULL_NEED_BYTES(ndr, element_size);
 
 	for (i = 0; i < element_size; i++) {
-		 if (var[i] != 0) {
-			return NT_STATUS_UNSUCCESSFUL;
+		 if (ndr->data[ndr->offset+i] != 0) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "String terminator not present or outside string boundaries");
 		 }
 	}
 
+	ndr_pull_restore(ndr, &save_offset);
+
 	return NT_STATUS_OK;
-
 }
 
 NTSTATUS ndr_pull_charset(struct ndr_pull *ndr, int ndr_flags, const char **var, uint32_t length, uint8_t byte_mul, int chset)
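Review bot: `(count - 1) * element_size` in the new `ndr_pull_advance` call is computed in `uint32_t` with no guard on `count`, which is a length taken from the wire. With `count == 0` the subtraction wraps, so the terminator check would look at bytes outside the string, and a large `count` can wrap the product the same way. I would reject those cases up front, e.g. `if (count == 0 || count - 1 > UINT32_MAX / element_size) return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad string length");`, assuming an empty zero-terminated array is meant to be invalid and `element_size` is never zero. The result of `ndr_pull_advance` is also discarded; if it returns a status, as the `NDR_CHECK`-wrapped calls in the generated code suggest, use `NDR_CHECK(ndr_pull_advance(ndr, (count - 1) * element_size));`. Both early-return paths (`NDR_PULL_NEED_BYTES` and the `ndr_pull_error` in the loop) also skip `ndr_pull_restore`, which deserves a comment saying the offset is intentionally left advanced on failure.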

Modified: branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba/NDR/Parser.pm
===================================================================
--- branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba/NDR/Parser.pm	2005-10-18 13:52:46 UTC (rev 11140)
+++ branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba/NDR/Parser.pm	2005-10-18 14:12:33 UTC (rev 11141)
@@ -923,6 +923,15 @@
 	pidl "NDR_PULL_SET_MEM_CTX(ndr, $mem_r_ctx, $mem_r_flags);";
 }
 
+sub CheckStringTerminator($$$$)
+{
+	my ($ndr,$e,$l,$length) = @_;
+	my $nl = GetNextLevel($e, $l);
+
+	# Make sure last element is zero!
+	pidl "NDR_CHECK(ndr_check_string_terminator($ndr, $length, sizeof($nl->{DATA_TYPE}_t)));";
+}
+
 sub ParseElementPullLevel
 {
 	my($e,$l,$ndr,$var_name,$env,$primitives,$deferred) = @_;
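Review bot: The element size in `CheckStringTerminator` is emitted as `sizeof($nl->{DATA_TYPE}_t)`, while the charset branch in the next hunk computes the same size with `sizeof(" . mapType($nl->{DATA_TYPE}) . ")`. Appending `_t` by hand only yields a valid C type for IDL types whose C name happens to follow that pattern. The helper is also called from the generic per-element loop in the last hunk, where the element type is presumably not limited to such scalars. I would build the size the same way as the charset call: `pidl "NDR_CHECK(ndr_check_string_terminator($ndr, $length, sizeof(" . mapType($nl->{DATA_TYPE}) . ")));";`. The body of `ParseElementPullLevel` continues outside this hunk.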
@@ -945,14 +954,16 @@
 			my $nl = GetNextLevel($e, $l);
 
 			if (is_charset_array($e,$l)) {
+				if ($l->{IS_ZERO_TERMINATED}) {
+					CheckStringTerminator($ndr, $e, $l, $length);
+				}
 				pidl "NDR_CHECK(ndr_pull_charset($ndr, $ndr_flags, ".get_pointer_to($var_name).", $length, sizeof(" . mapType($nl->{DATA_TYPE}) . "), CH_$e->{PROPERTIES}->{charset}));";
 				return;
 			} elsif (has_fast_array($e, $l)) {
-				pidl "NDR_CHECK(ndr_pull_array_$nl->{DATA_TYPE}($ndr, $ndr_flags, $var_name, $length));";
 				if ($l->{IS_ZERO_TERMINATED}) {
-					# Make sure last element is zero!
-					pidl "NDR_CHECK(ndr_check_string_terminator($ndr, $var_name, $length, sizeof(*$var_name)));";
+					CheckStringTerminator($ndr,$e,$l,$length);
 				}
+				pidl "NDR_CHECK(ndr_pull_array_$nl->{DATA_TYPE}($ndr, $ndr_flags, $var_name, $length));";
 				return;
 			}
 		} elsif ($l->{TYPE} eq "POINTER") {
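Review bot: The terminator check is now order-sensitive, and nothing at the call sites says so. `ndr_check_string_terminator` no longer receives the decoded variable and instead reads at `ndr->offset`, so `CheckStringTerminator` must be emitted before the `ndr_pull_charset` / `ndr_pull_array_*` call here and before the `for` loop in the following hunk. Emitting it afterwards would silently validate whatever bytes follow the array. The old `# Make sure last element is zero!` comment was dropped from these sites; I would replace it with something like `# Must precede the pull: the check peeks at the wire data from the current offset`, or put the same sentence on the helper itself. The enclosing `if` block starts outside this hunk.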
@@ -1002,16 +1013,17 @@
 		ParseMemCtxPullStart($e,$l, $array_name);
 
 		if (($primitives and not $l->{IS_DEFERRED}) or ($deferred and $l->{IS_DEFERRED})) {
+			my $nl = GetNextLevel($e,$l);
+
+			if ($l->{IS_ZERO_TERMINATED}) {
+				CheckStringTerminator($ndr,$e,$l,$length);
+			}
+
 			pidl "for ($counter = 0; $counter < $length; $counter++) {";
 			indent;
-			ParseElementPullLevel($e,GetNextLevel($e,$l), $ndr, $var_name, $env, 1, 0);
+			ParseElementPullLevel($e, $nl, $ndr, $var_name, $env, 1, 0);
 			deindent;
 			pidl "}";
-
-			if ($l->{IS_ZERO_TERMINATED}) {
-				# Make sure last element is zero!
-				pidl "NDR_CHECK(ndr_check_string_terminator($ndr, $var_name, $length, sizeof(*$var_name)));";
-			}
 		}
 
 		if ($deferred and ContainsDeferred($e, $l)) {


