[PATCHES] MS-PAR rpcclient

Andreas Schneider asn at samba.org
Wed Nov 30 06:39:08 UTC 2016 

On Tuesday, 29 November 2016 10:51:33 CET Jeremy Allison wrote:
> On Wed, Nov 23, 2016 at 04:26:17PM +0100, Günther Deschner wrote:
> > On 23/11/16 16:14, Andreas Schneider wrote:
> > > On Wednesday, 23 November 2016 16:04:47 CET Günther Deschner wrote:
> > >> Hi,
> > >> 
> > >> attached some patches to create a basic iremotewinspool rpcclient tool.
> > >> 
> > >> Note that the object_uuid is set directly in the
> > >> dcerpc_binding_handle_call() unlike our smbtorture4 client
> > >> iremotewinspool code where we set the interface specific object_uuid
> > >> via
> > >> the binding handle (passing down the full binding in s3 rpc_client code
> > >> would require some major restructuring which we would like to avoid for
> > >> now).
> > > 
> > > a) We have 2016, see copyright :)
> > 
> > Yeah but the code was in fact written in 2013.
> > 
> > > b) Instead of Async* I would prefered if calls would start with winspool
> > > instead. This make it clear we use the winspool protocol here. We have
> > > tab
> > > completion in rpcclient and this would make it easier to find a winspool
> > > comand.
> > 
> > Done, I added a winspool_ prefix now. Better?
> 
> I know this is now in the build, but do we need
> any integer wrap protections in the librpc/ndr/ndr_cab.c
> code ?
> 
> I'm thinking of things like:
> 
> ndr_size_cab_file()
> ...
>         for (i = 0; i < r->cfheader.cFiles; i++) {
>                 size += ndr_size_CFFILE(&r->cffiles[i], 0);
>         }
> 
>         /* data */
>         for (i = 0; i < ndr_count_cfdata(r); i++) {
>                 size += 8 + r->cfdata[i].cbData;
>         }
> 
> size might need integer wrap protection here.
> 
> ndr_count_cfdata()
> ...
>         for (i = 0; i < r->cfheader.cFolders; i++) {
>                 count += r->cffolders[i].cCFData;
>         }
> 
> Same there.
> 
> Pure paranoia of course, but these days I find
> paranoia is usually justified :-).
> 
> What do you think ? If you agree I can code it
> up for you to review.

I'm fine with adding it. It is also easier to spot if something really goes 
wrong.



	Andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org

More information about the samba-technical mailing list