From 36fb8185edc70dfdedbf6e26c2aafaa3c46a9102 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Wed, 17 Aug 2005 12:28:47 +0000
Subject: [PATCH] r9356: a better way of coping with NULL arrays in the array bounds checking.

This copes with the case of size_is(*size) where size is NULL, and the array is NULL
(This used to be commit 56769b4b1d900cce60cd35298b642a85e4eddfee)
---
 source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm | 4 ++++
 source4/librpc/ndr/ndr.c | 8 --------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm b/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
index 65b9ed57bcf..4dd838bcb73 100644
--- a/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
+++ b/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
@@ -319,14 +319,18 @@ sub ParseArrayPullHeader($$$$$)
 if ($l->{IS_CONFORMANT} and not $l->{IS_ZERO_TERMINATED}) {
 my $size = ParseExpr($l->{SIZE_IS}, $env);
+defer "if ($var_name) {";
 check_null_pointer_deferred($size);
 defer "NDR_CHECK(ndr_check_array_size(ndr, (void*)" . get_pointer_to($var_name) . ", $size));";
+defer "}";
 }
 if ($l->{IS_VARYING} and not $l->{IS_ZERO_TERMINATED}) {
 my $length = ParseExpr($l->{LENGTH_IS}, $env);
+defer "if ($var_name) {";
 check_null_pointer_deferred($length);
 defer "NDR_CHECK(ndr_check_array_length(ndr, (void*)" . get_pointer_to($var_name) . ", $length));";
+defer "}"
 }
 if (!$l->{IS_FIXED}) {
diff --git a/source4/librpc/ndr/ndr.c b/source4/librpc/ndr/ndr.c
index 2cbb83a0f42..3a291c2cf8f 100644
--- a/source4/librpc/ndr/ndr.c
+++ b/source4/librpc/ndr/ndr.c
@@ -493,10 +493,6 @@ uint32_t ndr_get_array_size(struct ndr_pull *ndr, const void *p)
 NTSTATUS ndr_check_array_size(struct ndr_pull *ndr, void *p, uint32_t size)
 {
 uint32_t stored;
-/* a NULL array is OK */
-if (*(void **)p == NULL) {
-return NT_STATUS_OK;
-}
 stored = ndr_token_peek(&ndr->array_size_list, p);
 if (stored != size) {
 return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, 
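Review bot: The `defer "}"` added at the end of the IS_VARYING branch has no terminating semicolon, while the matching `defer "}";` added in the IS_CONFORMANT branch does; Perl only accepts it because it is the last statement in the block, so `defer "}";` keeps the two branches consistent and will not break when a later statement is appended. The generated `if ($var_name) {` guard presumes the pulled array is a pointer; if `$var_name` can ever name an inline (non-pointer) array, the condition is always true and compilers warn about it, which is worth confirming against the callers of ParseArrayPullHeader. Because the guard now also skips `check_null_pointer_deferred`, the reason belongs in a comment above the first added `defer`, e.g. `# a NULL array has no size/length to validate; skip both the size_is deref check and the bounds check`. ParseArrayPullHeader continues outside the hunk.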
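Review bot: With the `*(void **)p == NULL` early return removed, ndr_check_array_size no longer tolerates a NULL array itself and depends on every caller emitting the guard that pidl now generates; the same applies to ndr_check_array_length in the next hunk. That contract is invisible at the function, so a comment above the `ndr_token_peek` call would protect hand-written callers, e.g. `/* callers must skip this check for a NULL array; pidl emits the if (array) guard */`. Since `p` is now used only as a token key and never dereferenced, it could presumably be `const void *p` like ndr_get_array_size in the hunk header, but that needs the header declaration and ndr_token_peek's signature checked first. The body of ndr_check_array_size continues past the hunk.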
@@ -535,10 +531,6 @@ uint32_t ndr_get_array_length(struct ndr_pull *ndr, const void *p)
 NTSTATUS ndr_check_array_length(struct ndr_pull *ndr, void *p, uint32_t length)
 {
 uint32_t stored;
-/* a NULL array is OK */
-if (*(void **)p == NULL) {
-return NT_STATUS_OK;
-}
 stored = ndr_token_peek(&ndr->array_length_list, p);
 if (stored != length) {
 return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,