diff --git a/source/librpc/ndr/ndr_string.c b/source/librpc/ndr/ndr_string.c index 96f48edda95..fcc529cbd10 100644 --- a/source/librpc/ndr/ndr_string.c +++ b/source/librpc/ndr/ndr_string.c @@ -623,6 +623,8 @@ NTSTATUS ndr_check_string_terminator(struct ndr_pull *ndr, uint32_t count, uint3 for (i = 0; i < element_size; i++) { if (ndr->data[ndr->offset+i] != 0) { + ndr_pull_restore(ndr, &save_offset); + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "String terminator not present or outside string boundaries"); } } @@ -639,7 +641,15 @@ NTSTATUS ndr_pull_charset(struct ndr_pull *ndr, int ndr_flags, const char **var, *var = talloc_strdup(ndr->current_mem_ctx, ""); return NT_STATUS_OK; } + NDR_PULL_NEED_BYTES(ndr, length*byte_mul); + + if (ndr->flags & LIBNDR_FLAG_STR_NULLTERM) { + /* Explicitly ignore the return value here. An array that + * is not zero-terminated is considered a warning only, not fatal */ + ndr_check_string_terminator(ndr, length, byte_mul); + } + ret = convert_string_talloc(ndr->current_mem_ctx, chset, CH_UNIX, ndr->data+ndr->offset, diff --git a/source/torture/config.mk b/source/torture/config.mk index ec79675f650..2d934fa009d 100644 --- a/source/torture/config.mk +++ b/source/torture/config.mk @@ -108,7 +108,8 @@ OBJ_FILES = \ rpc/bind.o \ rpc/dssetup.o \ rpc/alter_context.o \ - rpc/bench.o + rpc/bench.o \ + rpc/ndr.o REQUIRED_SUBSYSTEMS = \ NDR_ALL RPC_NDR_UNIXINFO RPC_NDR_SAMR RPC_NDR_WINREG RPC_NDR_INITSHUTDOWN \ RPC_NDR_OXIDRESOLVER RPC_NDR_EVENTLOG RPC_NDR_ECHO RPC_NDR_SVCCTL \ diff --git a/source/torture/rpc/ndr.c b/source/torture/rpc/ndr.c new file mode 100644 index 00000000000..6dbcf3e7950 --- /dev/null +++ b/source/torture/rpc/ndr.c @@ -0,0 +1,97 @@ +/* + Unix SMB/CIFS implementation. + test suite for basic ndr functions + + Copyright (C) Jelmer Vernooij 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +BOOL test_check_string_terminator(TALLOC_CTX *mem_ctx) +{ + struct ndr_pull *ndr; + DATA_BLOB blob; + + /* Simple test */ + blob = strhex_to_data_blob("0000"); + + ndr = ndr_pull_init_blob(&blob, mem_ctx); + + if (NT_STATUS_IS_ERR(ndr_check_string_terminator(ndr, 1, 2))) { + DEBUG(0, ("simple check_string_terminator test failed\n")); + return False; + } + + if (ndr->offset != 0) { + DEBUG(0, ("check_string_terminator did not reset offset\n")); + return False; + } + + if (NT_STATUS_IS_OK(ndr_check_string_terminator(ndr, 1, 3))) { + DEBUG(0, ("check_string_terminator checked beyond string boundaries\n")); + return False; + } + + if (ndr->offset != 0) { + DEBUG(0, ("check_string_terminator did not reset offset\n")); + return False; + } + + talloc_free(ndr); + + blob = strhex_to_data_blob("11220000"); + ndr = ndr_pull_init_blob(&blob, mem_ctx); + + if (NT_STATUS_IS_ERR(ndr_check_string_terminator(ndr, 4, 1))) { + DEBUG(0, ("check_string_terminator failed to recognize terminator\n")); + return False; + } + + if (NT_STATUS_IS_ERR(ndr_check_string_terminator(ndr, 3, 1))) { + DEBUG(0, ("check_string_terminator failed to recognize terminator\n")); + return False; + } + + if (NT_STATUS_IS_OK(ndr_check_string_terminator(ndr, 2, 1))) { + DEBUG(0, ("check_string_terminator erroneously reported terminator\n")); + return False; + } + + if (ndr->offset != 0) { + DEBUG(0, ("check_string_terminator did not reset offset\n")); + return False; + } + + talloc_free(ndr); + + return True; +} + +BOOL torture_rpc_ndr(void) +{ + NTSTATUS status; + TALLOC_CTX *mem_ctx; + BOOL ret = True; + + mem_ctx = talloc_init("torture_rpc_mgmt"); + + ret &= test_check_string_terminator(mem_ctx); + + talloc_free(mem_ctx); + + return ret; +} diff --git a/source/torture/torture.c b/source/torture/torture.c index a6ec030c1d6..1b591c6bb84 100644 --- a/source/torture/torture.c +++ b/source/torture/torture.c @@ -2305,6 +2305,7 @@ static struct { {"RPC-ALTERCONTEXT", torture_rpc_alter_context, 0}, {"RPC-JOIN", torture_rpc_join, 0}, {"RPC-DSSYNC", torture_rpc_dssync, 0}, + {"RPC-NDR", torture_rpc_ndr, 0}, /* local (no server) testers */ {"LOCAL-NTLMSSP", torture_ntlmssp_self_check, 0},