mirror of
https://github.com/samba-team/samba.git
synced 2025-01-12 09:18:10 +03:00
r26418: Janitorial: Kill pstring in ntlmssp_parse.c
(This used to be commit 718a5a1f3c
)
This commit is contained in:
parent
80b62dae14
commit
1efd92e64e
@ -209,7 +209,9 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
|
|||||||
uint16_t len1, len2;
|
uint16_t len1, len2;
|
||||||
uint32_t ptr;
|
uint32_t ptr;
|
||||||
uint32_t *v;
|
uint32_t *v;
|
||||||
pstring p;
|
size_t p_len = 1024;
|
||||||
|
char *p = talloc_array(mem_ctx, char, p_len);
|
||||||
|
bool ret = true;
|
||||||
|
|
||||||
va_start(ap, format);
|
va_start(ap, format);
|
||||||
for (i=0; format[i]; i++) {
|
for (i=0; format[i]; i++) {
|
||||||
@ -226,21 +228,27 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
|
|||||||
} else {
|
} else {
|
||||||
/* make sure its in the right format - be strict */
|
/* make sure its in the right format - be strict */
|
||||||
if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
|
if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
|
||||||
return false;
|
ret = false;
|
||||||
|
goto cleanup;
|
||||||
}
|
}
|
||||||
if (len1 & 1) {
|
if (len1 & 1) {
|
||||||
/* if odd length and unicode */
|
/* if odd length and unicode */
|
||||||
return false;
|
ret = false;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
if (blob->data + ptr < (uint8_t *)ptr ||
|
||||||
|
blob->data + ptr < blob->data) {
|
||||||
|
ret = false;
|
||||||
|
goto cleanup;
|
||||||
}
|
}
|
||||||
if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
|
|
||||||
return false;
|
|
||||||
|
|
||||||
if (0 < len1) {
|
if (0 < len1) {
|
||||||
pull_string(global_smb_iconv_convenience, p, blob->data + ptr, sizeof(p),
|
pull_string(global_smb_iconv_convenience, p, blob->data + ptr, p_len,
|
||||||
len1, STR_UNICODE|STR_NOALIGN);
|
len1, STR_UNICODE|STR_NOALIGN);
|
||||||
(*ps) = talloc_strdup(mem_ctx, p);
|
(*ps) = talloc_strdup(mem_ctx, p);
|
||||||
if (!(*ps)) {
|
if (!(*ps)) {
|
||||||
return false;
|
ret = false;
|
||||||
|
goto cleanup;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
(*ps) = "";
|
(*ps) = "";
|
||||||
@ -259,18 +267,23 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
|
|||||||
*ps = "";
|
*ps = "";
|
||||||
} else {
|
} else {
|
||||||
if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
|
if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
|
||||||
return false;
|
ret = false;
|
||||||
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
|
if (blob->data + ptr < (uint8_t *)ptr ||
|
||||||
return false;
|
blob->data + ptr < blob->data) {
|
||||||
|
ret = false;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
if (0 < len1) {
|
if (0 < len1) {
|
||||||
pull_string(global_smb_iconv_convenience, p, blob->data + ptr, sizeof(p),
|
pull_string(global_smb_iconv_convenience, p, blob->data + ptr, p_len,
|
||||||
len1, STR_ASCII|STR_NOALIGN);
|
len1, STR_ASCII|STR_NOALIGN);
|
||||||
(*ps) = talloc_strdup(mem_ctx, p);
|
(*ps) = talloc_strdup(mem_ctx, p);
|
||||||
if (!(*ps)) {
|
if (!(*ps)) {
|
||||||
return false;
|
ret = false;
|
||||||
|
goto cleanup;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
(*ps) = "";
|
(*ps) = "";
|
||||||
@ -289,11 +302,15 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
|
|||||||
} else {
|
} else {
|
||||||
/* make sure its in the right format - be strict */
|
/* make sure its in the right format - be strict */
|
||||||
if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
|
if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
|
||||||
return false;
|
ret = false;
|
||||||
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
|
if (blob->data + ptr < (uint8_t *)ptr ||
|
||||||
return false;
|
blob->data + ptr < blob->data) {
|
||||||
|
ret = false;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
*b = data_blob_talloc(mem_ctx, blob->data + ptr, len1);
|
*b = data_blob_talloc(mem_ctx, blob->data + ptr, len1);
|
||||||
}
|
}
|
||||||
@ -303,8 +320,11 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
|
|||||||
len1 = va_arg(ap, uint_t);
|
len1 = va_arg(ap, uint_t);
|
||||||
/* make sure its in the right format - be strict */
|
/* make sure its in the right format - be strict */
|
||||||
NEED_DATA(len1);
|
NEED_DATA(len1);
|
||||||
if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
|
if (blob->data + head_ofs < (uint8_t *)head_ofs ||
|
||||||
return false;
|
blob->data + head_ofs < blob->data) {
|
||||||
|
ret = false;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
*b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1);
|
*b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1);
|
||||||
head_ofs += len1;
|
head_ofs += len1;
|
||||||
@ -317,19 +337,26 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
|
|||||||
case 'C':
|
case 'C':
|
||||||
s = va_arg(ap, char *);
|
s = va_arg(ap, char *);
|
||||||
|
|
||||||
if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
|
if (blob->data + head_ofs < (uint8_t *)head_ofs ||
|
||||||
return false;
|
blob->data + head_ofs < blob->data) {
|
||||||
|
ret = false;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
head_ofs += pull_string(global_smb_iconv_convenience, p, blob->data+head_ofs, sizeof(p),
|
head_ofs += pull_string(global_smb_iconv_convenience, p,
|
||||||
|
blob->data+head_ofs, p_len,
|
||||||
blob->length - head_ofs,
|
blob->length - head_ofs,
|
||||||
STR_ASCII|STR_TERMINATE);
|
STR_ASCII|STR_TERMINATE);
|
||||||
if (strcmp(s, p) != 0) {
|
if (strcmp(s, p) != 0) {
|
||||||
return false;
|
ret = false;
|
||||||
|
goto cleanup;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
va_end(ap);
|
|
||||||
|
|
||||||
return true;
|
cleanup:
|
||||||
|
va_end(ap);
|
||||||
|
talloc_free(p);
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user