mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00

r26418: Janitorial: Kill pstring in ntlmssp_parse.c

(This used to be commit 718a5a1f3c)
Kai Blin 2007-12-12 19:38:22 +01:00 committed by Stefan Metzmacher
parent 80b62dae14
commit 1efd92e64e


@ -209,7 +209,9 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
uint16_t len1, len2; uint16_t len1, len2;
uint32_t ptr; uint32_t ptr;
uint32_t *v; uint32_t *v;
pstring p; size_t p_len = 1024;
char *p = talloc_array(mem_ctx, char, p_len);
bool ret = true;
va_start(ap, format); va_start(ap, format);
for (i=0; format[i]; i++) { for (i=0; format[i]; i++) {
@ -226,21 +228,27 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
} else { } else {
/* make sure its in the right format - be strict */ /* make sure its in the right format - be strict */
if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
return false; ret = false;
goto cleanup;
} }
if (len1 & 1) { if (len1 & 1) {
/* if odd length and unicode */ /* if odd length and unicode */
return false; ret = false;
goto cleanup;
}
if (blob->data + ptr < (uint8_t *)ptr ||
blob->data + ptr < blob->data) {
ret = false;
goto cleanup;
} }
if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
return false;
if (0 < len1) { if (0 < len1) {
pull_string(global_smb_iconv_convenience, p, blob->data + ptr, sizeof(p), pull_string(global_smb_iconv_convenience, p, blob->data + ptr, p_len,
len1, STR_UNICODE|STR_NOALIGN); len1, STR_UNICODE|STR_NOALIGN);
(*ps) = talloc_strdup(mem_ctx, p); (*ps) = talloc_strdup(mem_ctx, p);
if (!(*ps)) { if (!(*ps)) {
return false; ret = false;
goto cleanup;
} }
} else { } else {
(*ps) = ""; (*ps) = "";
@ -259,18 +267,23 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
*ps = ""; *ps = "";
} else { } else {
if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
return false; ret = false;
goto cleanup;
} }
if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data) if (blob->data + ptr < (uint8_t *)ptr ||
return false; blob->data + ptr < blob->data) {
ret = false;
goto cleanup;
}
if (0 < len1) { if (0 < len1) {
pull_string(global_smb_iconv_convenience, p, blob->data + ptr, sizeof(p), pull_string(global_smb_iconv_convenience, p, blob->data + ptr, p_len,
len1, STR_ASCII|STR_NOALIGN); len1, STR_ASCII|STR_NOALIGN);
(*ps) = talloc_strdup(mem_ctx, p); (*ps) = talloc_strdup(mem_ctx, p);
if (!(*ps)) { if (!(*ps)) {
return false; ret = false;
goto cleanup;
} }
} else { } else {
(*ps) = ""; (*ps) = "";
@ -289,12 +302,16 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
} else { } else {
/* make sure its in the right format - be strict */ /* make sure its in the right format - be strict */
if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
return false; ret = false;
goto cleanup;
}
if (blob->data + ptr < (uint8_t *)ptr ||
blob->data + ptr < blob->data) {
ret = false;
goto cleanup;
} }
if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
return false;
*b = data_blob_talloc(mem_ctx, blob->data + ptr, len1); *b = data_blob_talloc(mem_ctx, blob->data + ptr, len1);
} }
break; break;
@ -303,9 +320,12 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
len1 = va_arg(ap, uint_t); len1 = va_arg(ap, uint_t);
/* make sure its in the right format - be strict */ /* make sure its in the right format - be strict */
NEED_DATA(len1); NEED_DATA(len1);
if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data) if (blob->data + head_ofs < (uint8_t *)head_ofs ||
return false; blob->data + head_ofs < blob->data) {
ret = false;
goto cleanup;
}
*b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1); *b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1);
head_ofs += len1; head_ofs += len1;
break; break;
@ -317,19 +337,26 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
case 'C': case 'C':
s = va_arg(ap, char *); s = va_arg(ap, char *);
if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data) if (blob->data + head_ofs < (uint8_t *)head_ofs ||
return false; blob->data + head_ofs < blob->data) {
ret = false;
head_ofs += pull_string(global_smb_iconv_convenience, p, blob->data+head_ofs, sizeof(p), goto cleanup;
blob->length - head_ofs, }
STR_ASCII|STR_TERMINATE);
head_ofs += pull_string(global_smb_iconv_convenience, p,
blob->data+head_ofs, p_len,
blob->length - head_ofs,
STR_ASCII|STR_TERMINATE);
if (strcmp(s, p) != 0) { if (strcmp(s, p) != 0) {
return false; ret = false;
goto cleanup;
} }
break; break;
} }
} }
va_end(ap);
return true; cleanup:
va_end(ap);
talloc_free(p);
return ret;
} }
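Review bot: The new `char *p = talloc_array(mem_ctx, char, p_len);` at the top of msrpc_parse is never checked for NULL, so on allocation failure every later `pull_string(..., p, ..., p_len, ...)` call writes through a null pointer and the 'C' case hands it to `strcmp(s, p)`; the blob being parsed is presumably an NTLMSSP message from the remote side. Add `if (p == NULL) { return false; }` after the declarations and before `va_start(ap, format);`, so that path owes no `va_end`. Separately, `NEED_DATA(len1)` is defined outside the visible hunks; if it still expands to a bare `return false`, those exits now skip both `va_end(ap)` and `talloc_free(p)` and should be converted to `ret = false; goto cleanup;` like the other early returns. The function's opening and several of the format cases lie outside the hunks shown, so other remaining direct returns could not be checked from here.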