svn commit: samba r13989 - in branches/SAMBA_3_0/source/rpc_parse: .
jra at samba.org
jra at samba.org
Tue Mar 7 20:52:49 GMT 2006
Author: jra
Date: 2006-03-07 20:52:43 +0000 (Tue, 07 Mar 2006)
New Revision: 13989
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13989
Log:
Fix for Coverity bug #45 and associated spoolss RPC_BUFFER
problems. Ensure that if the parse succeeds on UNMARSHALL
we have a valid (although possibly empty) RPC_BUFFER returned.
Jeremy.
Modified:
branches/SAMBA_3_0/source/rpc_parse/parse_buffer.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_parse/parse_buffer.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_parse/parse_buffer.c 2006-03-07 20:52:34 UTC (rev 13988)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_buffer.c 2006-03-07 20:52:43 UTC (rev 13989)
@@ -108,19 +108,34 @@
data_p = *buffer ? 0xf000baaa : 0;
- if ( !prs_uint32("ptr", ps, depth, &data_p ))
+ if ( !prs_uint32("ptr", ps, depth, &data_p )) {
return False;
+ }
+ /* We must always return a valid buffer pointer even if the
+ client didn't send one - just leave it initialized to null. */
+ if ( UNMARSHALLING(ps) ) {
+ if ( !(*buffer = PRS_ALLOC_MEM(ps, RPC_BUFFER, 1)) ) {
+ return False;
+ }
+ }
+
/* we're done if there is no data */
- if ( !data_p )
+ if (!data_p) {
+ if (UNMARSHALLING(ps)) {
+ RPC_BUFFER *pbuffer = *buffer;
+ /* On unmarshalling we must return a valid,
+ but zero size value RPC_BUFFER. */
+ pbuffer->size = 0;
+ pbuffer->string_at_end = 0;
+ if (!prs_init(&pbuffer->prs, 0, prs_get_mem_context(ps), UNMARSHALL)) {
+ return False;
+ }
+ }
return True;
+ }
- if ( UNMARSHALLING(ps) ) {
- if ( !(*buffer = PRS_ALLOC_MEM(ps, RPC_BUFFER, 1)) )
- return False;
- }
-
return prs_rpcbuffer( desc, ps, depth, *buffer);
}
More information about the samba-cvs
mailing list