1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

r11141: Re-add paranoid string terminator check

(This used to be commit 55805b5ed9)
This commit is contained in:
Jelmer Vernooij 2005-10-18 14:12:33 +00:00 committed by Gerald (Jerry) Carter
parent bf59ef9d72
commit 087dd76232
2 changed files with 31 additions and 16 deletions

View File

@ -612,21 +612,24 @@ uint32_t ndr_string_length(const void *_var, uint32_t element_size)
return i+1;
}
NTSTATUS ndr_check_string_terminator(struct ndr_pull *ndr, const void *_var, uint32_t count, uint32_t element_size)
NTSTATUS ndr_check_string_terminator(struct ndr_pull *ndr, uint32_t count, uint32_t element_size)
{
const char *var = _var;
uint32_t i;
struct ndr_pull_save save_offset;
var += element_size*(count-1);
ndr_pull_save(ndr, &save_offset);
ndr_pull_advance(ndr, (count - 1) * element_size);
NDR_PULL_NEED_BYTES(ndr, element_size);
for (i = 0; i < element_size; i++) {
if (var[i] != 0) {
return NT_STATUS_UNSUCCESSFUL;
if (ndr->data[ndr->offset+i] != 0) {
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "String terminator not present or outside string boundaries");
}
}
return NT_STATUS_OK;
ndr_pull_restore(ndr, &save_offset);
return NT_STATUS_OK;
}
NTSTATUS ndr_pull_charset(struct ndr_pull *ndr, int ndr_flags, const char **var, uint32_t length, uint8_t byte_mul, int chset)

View File

@ -923,6 +923,15 @@ sub ParseMemCtxPullEnd($$)
pidl "NDR_PULL_SET_MEM_CTX(ndr, $mem_r_ctx, $mem_r_flags);";
}
sub CheckStringTerminator($$$$)
{
my ($ndr,$e,$l,$length) = @_;
my $nl = GetNextLevel($e, $l);
# Make sure last element is zero!
pidl "NDR_CHECK(ndr_check_string_terminator($ndr, $length, sizeof($nl->{DATA_TYPE}_t)));";
}
sub ParseElementPullLevel
{
my($e,$l,$ndr,$var_name,$env,$primitives,$deferred) = @_;
@ -945,14 +954,16 @@ sub ParseElementPullLevel
my $nl = GetNextLevel($e, $l);
if (is_charset_array($e,$l)) {
if ($l->{IS_ZERO_TERMINATED}) {
CheckStringTerminator($ndr, $e, $l, $length);
}
pidl "NDR_CHECK(ndr_pull_charset($ndr, $ndr_flags, ".get_pointer_to($var_name).", $length, sizeof(" . mapType($nl->{DATA_TYPE}) . "), CH_$e->{PROPERTIES}->{charset}));";
return;
} elsif (has_fast_array($e, $l)) {
pidl "NDR_CHECK(ndr_pull_array_$nl->{DATA_TYPE}($ndr, $ndr_flags, $var_name, $length));";
if ($l->{IS_ZERO_TERMINATED}) {
# Make sure last element is zero!
pidl "NDR_CHECK(ndr_check_string_terminator($ndr, $var_name, $length, sizeof(*$var_name)));";
CheckStringTerminator($ndr,$e,$l,$length);
}
pidl "NDR_CHECK(ndr_pull_array_$nl->{DATA_TYPE}($ndr, $ndr_flags, $var_name, $length));";
return;
}
} elsif ($l->{TYPE} eq "POINTER") {
@ -1002,16 +1013,17 @@ sub ParseElementPullLevel
ParseMemCtxPullStart($e,$l, $array_name);
if (($primitives and not $l->{IS_DEFERRED}) or ($deferred and $l->{IS_DEFERRED})) {
pidl "for ($counter = 0; $counter < $length; $counter++) {";
indent;
ParseElementPullLevel($e,GetNextLevel($e,$l), $ndr, $var_name, $env, 1, 0);
deindent;
pidl "}";
my $nl = GetNextLevel($e,$l);
if ($l->{IS_ZERO_TERMINATED}) {
# Make sure last element is zero!
pidl "NDR_CHECK(ndr_check_string_terminator($ndr, $var_name, $length, sizeof(*$var_name)));";
CheckStringTerminator($ndr,$e,$l,$length);
}
pidl "for ($counter = 0; $counter < $length; $counter++) {";
indent;
ParseElementPullLevel($e, $nl, $ndr, $var_name, $env, 1, 0);
deindent;
pidl "}";
}
if ($deferred and ContainsDeferred($e, $l)) {