sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-03 13:47:25 +03:00
Code

Change size parameters from signed to unsigned to fix up warnings.

Browse Source 
Jeremy.
This commit is contained in:
Jeremy Allison -
parent 98ed7e0cbb
commit 33b11d5eb5
5 changed files with 191 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
source/include/client.h
View File

@ -113,7 +113,7 @@ struct cli_state {
int max_mux;
char *outbuf;
char *inbuf;
int bufsize;
unsigned int bufsize;
int initialised;
int win95;
uint32 capabilities;

12
source/libsmb/clifile.c
View File

@ -29,8 +29,8 @@
static BOOL cli_link_internal(struct cli_state *cli, const char *fname_src, const char *fname_dst, BOOL hard_link)
{
int data_len = 0;
int param_len = 0;
unsigned int data_len = 0;
unsigned int param_len = 0;
uint16 setup = TRANSACT2_SETPATHINFO;
char param[sizeof(pstring)+6];
pstring data;
@ -123,8 +123,8 @@ BOOL cli_unix_hardlink(struct cli_state *cli, const char *fname_src, const char
static BOOL cli_unix_chmod_chown_internal(struct cli_state *cli, const char *fname, uint32 mode, uint32 uid, uint32 gid)
{
int data_len = 0;
int param_len = 0;
unsigned int data_len = 0;
unsigned int param_len = 0;
uint16 setup = TRANSACT2_SETPATHINFO;
char param[sizeof(pstring)+6];
char data[100];
@ -335,8 +335,8 @@ BOOL cli_rmdir(struct cli_state *cli, const char *dname)
int cli_nt_delete_on_close(struct cli_state *cli, int fnum, BOOL flag)
{
int data_len = 1;
int param_len = 6;
unsigned int data_len = 1;
unsigned int param_len = 6;
uint16 setup = TRANSACT2_SETFILEINFO;
pstring param;
unsigned char data;

2
source/libsmb/clilist.c
View File

@ -154,7 +154,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
int ff_dir_handle=0;
int loop_count = 0;
char *rparam=NULL, *rdata=NULL;
int param_len, data_len;
unsigned int param_len, data_len;
uint16 setup;
pstring param;

38
source/libsmb/clirap.c
View File

@ -41,8 +41,8 @@ BOOL cli_api_pipe(struct cli_state *cli, const char *pipe_name,
data, data_count, max_data_count);
return (cli_receive_trans(cli, SMBtrans,
rparam, (int *)rparam_count,
rdata, (int *)rdata_count));
rparam, (unsigned int *)rparam_count,
rdata, (unsigned int *)rdata_count));
}
/****************************************************************************
@ -51,8 +51,8 @@ call a remote api
BOOL cli_api(struct cli_state *cli,
char *param, int prcnt, int mprcnt,
char *data, int drcnt, int mdrcnt,
char **rparam, int *rprcnt,
char **rdata, int *rdrcnt)
char **rparam, unsigned int *rprcnt,
char **rdata, unsigned int *rdrcnt)
{
cli_send_trans(cli,SMBtrans,
PIPE_LANMAN, /* Name */
@ -286,8 +286,8 @@ BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char
char *p = param;
unsigned char old_pw_hash[16];
unsigned char new_pw_hash[16];
int data_len;
int param_len = 0;
unsigned int data_len;
unsigned int param_len = 0;
char *rparam = NULL;
char *rdata = NULL;
int rprcnt, rdrcnt;
@ -368,9 +368,9 @@ BOOL cli_qpathinfo(struct cli_state *cli, const char *fname,
time_t *c_time, time_t *a_time, time_t *m_time,
size_t *size, uint16 *mode)
{
int data_len = 0;
int param_len = 0;
int rparam_len, rdata_len;
unsigned int data_len = 0;
unsigned int param_len = 0;
unsigned int rparam_len, rdata_len;
uint16 setup = TRANSACT2_QPATHINFO;
pstring param;
char *rparam=NULL, *rdata=NULL;
@ -449,8 +449,8 @@ BOOL cli_qpathinfo2(struct cli_state *cli, const char *fname,
time_t *w_time, size_t *size, uint16 *mode,
SMB_INO_T *ino)
{
int data_len = 0;
int param_len = 0;
unsigned int data_len = 0;
unsigned int param_len = 0;
uint16 setup = TRANSACT2_QPATHINFO;
pstring param;
char *rparam=NULL, *rdata=NULL;
@ -518,8 +518,8 @@ send a qfileinfo QUERY_FILE_NAME_INFO call
BOOL cli_qfilename(struct cli_state *cli, int fnum,
pstring name)
{
int data_len = 0;
int param_len = 0;
unsigned int data_len = 0;
unsigned int param_len = 0;
uint16 setup = TRANSACT2_QFILEINFO;
pstring param;
char *rparam=NULL, *rdata=NULL;
@ -563,8 +563,8 @@ BOOL cli_qfileinfo(struct cli_state *cli, int fnum,
time_t *c_time, time_t *a_time, time_t *m_time,
time_t *w_time, SMB_INO_T *ino)
{
int data_len = 0;
int param_len = 0;
unsigned int data_len = 0;
unsigned int param_len = 0;
uint16 setup = TRANSACT2_QFILEINFO;
pstring param;
char *rparam=NULL, *rdata=NULL;
@ -631,8 +631,8 @@ send a qfileinfo call
****************************************************************************/
BOOL cli_qfileinfo_test(struct cli_state *cli, int fnum, int level, char *outdata)
{
int data_len = 0;
int param_len = 0;
unsigned int data_len = 0;
unsigned int param_len = 0;
uint16 setup = TRANSACT2_QFILEINFO;
pstring param;
char *rparam=NULL, *rdata=NULL;
@ -677,8 +677,8 @@ send a qpathinfo SMB_QUERY_FILE_ALT_NAME_INFO call
****************************************************************************/
NTSTATUS cli_qpathinfo_alt_name(struct cli_state *cli, const char *fname, fstring alt_name)
{
int data_len = 0;
int param_len = 0;
unsigned int data_len = 0;
unsigned int param_len = 0;
uint16 setup = TRANSACT2_QPATHINFO;
pstring param;
char *rparam=NULL, *rdata=NULL;

233
source/libsmb/clitrans.c
View File

@ -24,18 +24,19 @@
/****************************************************************************
send a SMB trans or trans2 request
****************************************************************************/
Send a SMB trans or trans2 request.
****************************************************************************/
BOOL cli_send_trans(struct cli_state *cli, int trans,
const char *pipe_name,
int fid, int flags,
uint16 *setup, int lsetup, int msetup,
char *param, int lparam, int mparam,
char *data, int ldata, int mdata)
uint16 *setup, unsigned int lsetup, unsigned int msetup,
char *param, unsigned int lparam, unsigned int mparam,
char *data, unsigned int ldata, unsigned int mdata)
{
int i;
int this_ldata,this_lparam;
int tot_data=0,tot_param=0;
unsigned int this_ldata,this_lparam;
unsigned int tot_data=0,tot_param=0;
char *outdata,*outparam;
char *p;
int pipe_name_len=0;
@ -83,14 +84,13 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
cli_setup_bcc(cli, outdata+this_ldata);
show_msg(cli->outbuf);
cli_send_smb(cli);
if (!cli_send_smb(cli))
return False;
if (this_ldata < ldata || this_lparam < lparam) {
/* receive interim response */
if (!cli_receive_smb(cli) ||
cli_is_error(cli)) {
if (!cli_receive_smb(cli) || cli_is_error(cli))
return(False);
}
tot_data = this_ldata;
tot_param = this_lparam;
@ -123,7 +123,8 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
cli_setup_bcc(cli, outdata+this_ldata);
show_msg(cli->outbuf);
cli_send_smb(cli);
if (!cli_send_smb(cli))
return False;
tot_data += this_ldata;
tot_param += this_lparam;
@ -133,17 +134,17 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
return(True);
}
/****************************************************************************
receive a SMB trans or trans2 response allocating the necessary memory
****************************************************************************/
Receive a SMB trans or trans2 response allocating the necessary memory.
****************************************************************************/
BOOL cli_receive_trans(struct cli_state *cli,int trans,
char **param, int *param_len,
char **data, int *data_len)
char **param, unsigned int *param_len,
char **data, unsigned int *data_len)
{
int total_data=0;
int total_param=0;
int this_data,this_param;
unsigned int total_data=0;
unsigned int total_param=0;
unsigned int this_data,this_param;
NTSTATUS status;
char *tdata;
char *tparam;
@ -170,9 +171,8 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
*/
status = cli_nt_error(cli);
if (NT_STATUS_IS_ERR(status)) {
if (NT_STATUS_IS_ERR(status))
return False;
}
/* parse out the lengths */
total_data = SVAL(cli->inbuf,smb_tdrcnt);
@ -199,7 +199,7 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
*param = tparam;
}
while (1) {
for (;;) {
this_data = SVAL(cli->inbuf,smb_drcnt);
this_param = SVAL(cli->inbuf,smb_prcnt);
@ -209,21 +209,59 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
return False;
}
if (this_data)
memcpy(*data + SVAL(cli->inbuf,smb_drdisp),
smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_droff),
this_data);
if (this_param)
memcpy(*param + SVAL(cli->inbuf,smb_prdisp),
smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_proff),
this_param);
if (this_data + *data_len < this_data ||
this_data + *data_len < *data_len ||
this_param + *param_len < this_param ||
this_param + *param_len < *param_len) {
DEBUG(1,("Data overflow in cli_receive_trans\n"));
return False;
}
if (this_data) {
unsigned int data_offset_out = SVAL(cli->inbuf,smb_drdisp);
unsigned int data_offset_in = SVAL(cli->inbuf,smb_droff);
if (data_offset_out > total_data ||
data_offset_out + this_data > total_data ||
data_offset_out + this_data < data_offset_out ||
data_offset_out + this_data < this_data) {
DEBUG(1,("Data overflow in cli_receive_trans\n"));
return False;
}
if (data_offset_in > cli->bufsize ||
data_offset_in + this_data > cli->bufsize ||
data_offset_in + this_data < data_offset_in ||
data_offset_in + this_data < this_data) {
DEBUG(1,("Data overflow in cli_receive_trans\n"));
return False;
}
memcpy(*data + data_offset_out, smb_base(cli->inbuf) + data_offset_in, this_data);
}
if (this_param) {
unsigned int param_offset_out = SVAL(cli->inbuf,smb_prdisp);
unsigned int param_offset_in = SVAL(cli->inbuf,smb_proff);
if (param_offset_out > total_param ||
param_offset_out + this_param > total_param ||
param_offset_out + this_param < param_offset_out ||
param_offset_out + this_param < this_param) {
DEBUG(1,("Param overflow in cli_receive_trans\n"));
return False;
}
if (param_offset_in > cli->bufsize ||
param_offset_in + this_param > cli->bufsize ||
param_offset_in + this_param < param_offset_in ||
param_offset_in + this_param < this_param) {
DEBUG(1,("Param overflow in cli_receive_trans\n"));
return False;
}
memcpy(*param + param_offset_out, smb_base(cli->inbuf) + param_offset_in, this_param);
}
*data_len += this_data;
*param_len += this_param;
/* parse out the total lengths again - they can shrink! */
total_data = SVAL(cli->inbuf,smb_tdrcnt);
total_param = SVAL(cli->inbuf,smb_tprcnt);
if (total_data <= *data_len && total_param <= *param_len)
break;
@ -242,27 +280,35 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
if (NT_STATUS_IS_ERR(cli_nt_error(cli))) {
return(False);
}
/* parse out the total lengths again - they can shrink! */
if (SVAL(cli->inbuf,smb_tdrcnt) < total_data)
total_data = SVAL(cli->inbuf,smb_tdrcnt);
if (SVAL(cli->inbuf,smb_tprcnt) < total_param)
total_param = SVAL(cli->inbuf,smb_tprcnt);
if (total_data <= *data_len && total_param <= *param_len)
break;
}
return(True);
}
/****************************************************************************
send a SMB nttrans request
****************************************************************************/
Send a SMB nttrans request.
****************************************************************************/
BOOL cli_send_nt_trans(struct cli_state *cli,
int function,
int flags,
uint16 *setup, int lsetup, int msetup,
char *param, int lparam, int mparam,
char *data, int ldata, int mdata)
uint16 *setup, unsigned int lsetup, unsigned int msetup,
char *param, unsigned int lparam, unsigned int mparam,
char *data, unsigned int ldata, unsigned int mdata)
{
int i;
int this_ldata,this_lparam;
int tot_data=0,tot_param=0;
unsigned int i;
unsigned int this_ldata,this_lparam;
unsigned int tot_data=0,tot_param=0;
char *outdata,*outparam;
this_lparam = MIN(lparam,cli->max_xmit - (500+lsetup*2)); /* hack */
@ -301,14 +347,13 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
cli_setup_bcc(cli, outdata+this_ldata);
show_msg(cli->outbuf);
cli_send_smb(cli);
if (!cli_send_smb(cli))
return False;
if (this_ldata < ldata || this_lparam < lparam) {
/* receive interim response */
if (!cli_receive_smb(cli) ||
cli_is_error(cli)) {
if (!cli_receive_smb(cli) || cli_is_error(cli))
return(False);
}
tot_data = this_ldata;
tot_param = this_lparam;
@ -340,7 +385,8 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
cli_setup_bcc(cli, outdata+this_ldata);
show_msg(cli->outbuf);
cli_send_smb(cli);
if (!cli_send_smb(cli))
return False;
tot_data += this_ldata;
tot_param += this_lparam;
@ -355,13 +401,14 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
/****************************************************************************
receive a SMB nttrans response allocating the necessary memory
****************************************************************************/
BOOL cli_receive_nt_trans(struct cli_state *cli,
char **param, int *param_len,
char **data, int *data_len)
char **param, unsigned int *param_len,
char **data, unsigned int *data_len)
{
int total_data=0;
int total_param=0;
int this_data,this_param;
unsigned int total_data=0;
unsigned int total_param=0;
unsigned int this_data,this_param;
uint8 eclass;
uint32 ecode;
char *tdata;
@ -423,25 +470,65 @@ BOOL cli_receive_nt_trans(struct cli_state *cli,
if (this_data + *data_len > total_data ||
this_param + *param_len > total_param) {
DEBUG(1,("Data overflow in cli_receive_trans\n"));
DEBUG(1,("Data overflow in cli_receive_nt_trans\n"));
return False;
}
if (this_data)
memcpy(*data + SVAL(cli->inbuf,smb_ntr_DataDisplacement),
smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_ntr_DataOffset),
this_data);
if (this_param)
memcpy(*param + SVAL(cli->inbuf,smb_ntr_ParameterDisplacement),
smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_ntr_ParameterOffset),
this_param);
if (this_data + *data_len < this_data ||
this_data + *data_len < *data_len ||
this_param + *param_len < this_param ||
this_param + *param_len < *param_len) {
DEBUG(1,("Data overflow in cli_receive_nt_trans\n"));
return False;
}
if (this_data) {
unsigned int data_offset_out = SVAL(cli->inbuf,smb_ntr_DataDisplacement);
unsigned int data_offset_in = SVAL(cli->inbuf,smb_ntr_DataOffset);
if (data_offset_out > total_data ||
data_offset_out + this_data > total_data ||
data_offset_out + this_data < data_offset_out ||
data_offset_out + this_data < this_data) {
DEBUG(1,("Data overflow in cli_receive_nt_trans\n"));
return False;
}
if (data_offset_in > cli->bufsize ||
data_offset_in + this_data > cli->bufsize ||
data_offset_in + this_data < data_offset_in ||
data_offset_in + this_data < this_data) {
DEBUG(1,("Data overflow in cli_receive_nt_trans\n"));
return False;
}
memcpy(*data + data_offset_out, smb_base(cli->inbuf) + data_offset_in, this_data);
}
if (this_param) {
unsigned int param_offset_out = SVAL(cli->inbuf,smb_ntr_ParameterDisplacement);
unsigned int param_offset_in = SVAL(cli->inbuf,smb_ntr_ParameterOffset);
if (param_offset_out > total_param ||
param_offset_out + this_param > total_param ||
param_offset_out + this_param < param_offset_out ||
param_offset_out + this_param < this_param) {
DEBUG(1,("Param overflow in cli_receive_nt_trans\n"));
return False;
}
if (param_offset_in > cli->bufsize ||
param_offset_in + this_param > cli->bufsize ||
param_offset_in + this_param < param_offset_in ||
param_offset_in + this_param < this_param) {
DEBUG(1,("Param overflow in cli_receive_nt_trans\n"));
return False;
}
memcpy(*param + param_offset_out, smb_base(cli->inbuf) + param_offset_in, this_param);
}
*data_len += this_data;
*param_len += this_param;
/* parse out the total lengths again - they can shrink! */
total_data = SVAL(cli->inbuf,smb_ntr_TotalDataCount);
total_param = SVAL(cli->inbuf,smb_ntr_TotalParameterCount);
if (total_data <= *data_len && total_param <= *param_len)
break;
@ -462,6 +549,14 @@ BOOL cli_receive_nt_trans(struct cli_state *cli,
!(eclass == ERRDOS && ecode == ERRmoredata))
return(False);
}
/* parse out the total lengths again - they can shrink! */
if (SVAL(cli->inbuf,smb_ntr_TotalDataCount) < total_data)
total_data = SVAL(cli->inbuf,smb_ntr_TotalDataCount);
if (SVAL(cli->inbuf,smb_ntr_TotalParameterCount) < total_param)
total_param = SVAL(cli->inbuf,smb_ntr_TotalParameterCount);
if (total_data <= *data_len && total_param <= *param_len)
break;
}
return(True);