[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Tue Feb 16 16:55:18 MST 2010
The branch, master has been updated
via eb8800e... s4-rpc: paranoid check for auth_length
from 77fc30b... testprogs: add rather simple device mode tests to spoolss test.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit eb8800e6118c2f77cef5a27f1c1b6118dd52d4ca
Author: Andrew Tridgell <tridge at samba.org>
Date: Wed Feb 17 10:23:14 2010 +1100
s4-rpc: paranoid check for auth_length
This is not strictly needed as the ndr_pull_advance() checks it a few
lines further down, but I want to save Jeremy getting more grey hairs :-)
-----------------------------------------------------------------------
Summary of changes:
source4/librpc/rpc/dcerpc_util.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index aafa283..9dabb54 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -781,6 +781,17 @@ NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt,
uint32_t pad;
pad = pkt_auth_blob->length - (DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length);
+
+ /* paranoia check for pad size. This would be caught anyway by
+ the ndr_pull_advance() a few lines down, but it scared
+ Jeremy enough for him to call me, so we might as well check
+ it now, just to prevent someone posting a bogus YouTube
+ video in the future.
+ */
+ if (pad > pkt_auth_blob->length) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+
*auth_length = pkt_auth_blob->length - pad;
ndr = ndr_pull_init_blob(pkt_auth_blob, mem_ctx, NULL);
--
Samba Shared Repository
More information about the samba-cvs
mailing list