sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-17 04:23:50 +03:00
Code Activity

Ensure that only parse_prs.c access internal members of the prs_struct.

Browse Source 
Needed to move to disk based i/o later.
Jeremy.
This commit is contained in:
Jeremy Allison
-
parent 4b5b0bcd90
commit 4c3ee228fc
11 changed files with 118 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
source/auth/auth_winbind.c
View File

@@ -36,8 +36,8 @@ static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response
if (!prs_init(&ps, len, mem_ctx, UNMARSHALL)) { if (!prs_init(&ps, len, mem_ctx, UNMARSHALL)) {
return NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY;
} }
prs_append_data(&ps, info3_ndr, len); prs_copy_data_in(&ps, info3_ndr, len);
ps.data_offset = 0; prs_set_offset(&ps,0);
if (!net_io_user_info3("", info3, &ps, 1, 3)) { if (!net_io_user_info3("", info3, &ps, 1, 3)) {
DEBUG(2, ("get_info3_from_ndr: could not parse info3 struct!\n")); DEBUG(2, ("get_info3_from_ndr: could not parse info3 struct!\n"));
return NT_STATUS_UNSUCCESSFUL; return NT_STATUS_UNSUCCESSFUL;

16
source/libads/ldap.c
View File

@@ -1157,8 +1157,8 @@ static void dump_sd(const char *filed, struct berval **values)
/* prepare data */ /* prepare data */
prs_init(&ps, values[0]->bv_len, ctx, UNMARSHALL); prs_init(&ps, values[0]->bv_len, ctx, UNMARSHALL);
prs_append_data(&ps, values[0]->bv_val, values[0]->bv_len); prs_copy_data_in(&ps, values[0]->bv_val, values[0]->bv_len);
ps.data_offset = 0; prs_set_offset(&ps,0);
/* parse secdesc */ /* parse secdesc */
if (!sec_io_desc("sd", &psd, &ps, 1)) { if (!sec_io_desc("sd", &psd, &ps, 1)) {
@@ -1478,7 +1478,13 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn)
if (!(mods = ads_init_mods(ctx))) return ADS_ERROR(LDAP_NO_MEMORY); if (!(mods = ads_init_mods(ctx))) return ADS_ERROR(LDAP_NO_MEMORY);
bval.bv_len = sd_size; bval.bv_len = sd_size;
bval.bv_val = prs_data_p(&ps_wire); bval.bv_val = talloc(ctx, sd_size);
if (!bval.bv_val) {
ret = ADS_ERROR(LDAP_NO_MEMORY);
goto ads_set_sd_error;
}
prs_copy_all_data_out((char *)&bval.bv_val, &ps_wire);
ads_mod_ber(ctx, &mods, attrs[0], &bval); ads_mod_ber(ctx, &mods, attrs[0], &bval);
ret = ads_gen_mod(ads, dn, mods); ret = ads_gen_mod(ads, dn, mods);
@@ -1726,8 +1732,8 @@ BOOL ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
if (values[0]) { if (values[0]) {
prs_init(&ps, values[0]->bv_len, mem_ctx, UNMARSHALL); prs_init(&ps, values[0]->bv_len, mem_ctx, UNMARSHALL);
prs_append_data(&ps, values[0]->bv_val, values[0]->bv_len); prs_copy_data_in(&ps, values[0]->bv_val, values[0]->bv_len);
ps.data_offset = 0; prs_set_offset(&ps,0);
ret = sec_io_desc("sd", sd, &ps, 1); ret = sec_io_desc("sd", sd, &ps, 1);
} }

6
source/libsmb/clisecdesc.c
View File

@@ -54,8 +54,8 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli, int fnum,
} }
prs_init(&pd, rdata_count, mem_ctx, UNMARSHALL); prs_init(&pd, rdata_count, mem_ctx, UNMARSHALL);
prs_append_data(&pd, rdata, rdata_count); prs_copy_data_in(&pd, rdata, rdata_count);
pd.data_offset = 0; prs_set_offset(&pd,0);
if (!sec_io_desc("sd data", &psd, &pd, 1)) { if (!sec_io_desc("sd data", &psd, &pd, 1)) {
DEBUG(1,("Failed to parse secdesc\n")); DEBUG(1,("Failed to parse secdesc\n"));
@@ -104,7 +104,7 @@ BOOL cli_set_secdesc(struct cli_state *cli, int fnum, SEC_DESC *sd)
0, 0,
NULL, 0, 0, NULL, 0, 0,
param, 8, 0, param, 8, 0,
pd.data_p, pd.data_offset, 0)) { prs_data_p(&pd), prs_offset(&pd), 0)) {
DEBUG(1,("Failed to send NT_TRANSACT_SET_SECURITY_DESC\n")); DEBUG(1,("Failed to send NT_TRANSACT_SET_SECURITY_DESC\n"));
goto cleanup; goto cleanup;
} }

3
source/nsswitch/winbindd_pam.c
View File

@@ -42,11 +42,12 @@ static NTSTATUS append_info3_as_ndr(TALLOC_CTX *mem_ctx,
} }
size = prs_data_size(&ps); size = prs_data_size(&ps);
state->response.extra_data = memdup(prs_data_p(&ps), size); state->response.extra_data = malloc(size);
if (!state->response.extra_data) { if (!state->response.extra_data) {
prs_mem_free(&ps); prs_mem_free(&ps);
return NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY;
} }
prs_copy_all_data_out(state->response.extra_data, &ps);
state->response.length += size; state->response.length += size;
prs_mem_free(&ps); prs_mem_free(&ps);
return NT_STATUS_OK; return NT_STATUS_OK;

20
source/rpc_client/cli_spoolss.c
View File

@@ -58,7 +58,7 @@ static void decode_printer_info_0(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
inf=(PRINTER_INFO_0 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_0)); inf=(PRINTER_INFO_0 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_0));
memset(inf, 0, returned*sizeof(PRINTER_INFO_0)); memset(inf, 0, returned*sizeof(PRINTER_INFO_0));
buffer->prs.data_offset=0; prs_set_offset(&buffer->prs,0);
for (i=0; i<returned; i++) { for (i=0; i<returned; i++) {
smb_io_printer_info_0("", buffer, &inf[i], 0); smb_io_printer_info_0("", buffer, &inf[i], 0);
@@ -78,7 +78,7 @@ static void decode_printer_info_1(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
inf=(PRINTER_INFO_1 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_1)); inf=(PRINTER_INFO_1 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_1));
memset(inf, 0, returned*sizeof(PRINTER_INFO_1)); memset(inf, 0, returned*sizeof(PRINTER_INFO_1));
buffer->prs.data_offset=0; prs_set_offset(&buffer->prs,0);
for (i=0; i<returned; i++) { for (i=0; i<returned; i++) {
smb_io_printer_info_1("", buffer, &inf[i], 0); smb_io_printer_info_1("", buffer, &inf[i], 0);
@@ -98,7 +98,7 @@ static void decode_printer_info_2(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
inf=(PRINTER_INFO_2 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_2)); inf=(PRINTER_INFO_2 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_2));
memset(inf, 0, returned*sizeof(PRINTER_INFO_2)); memset(inf, 0, returned*sizeof(PRINTER_INFO_2));
buffer->prs.data_offset=0; prs_set_offset(&buffer->prs,0);
for (i=0; i<returned; i++) { for (i=0; i<returned; i++) {
/* a little initialization as we go */ /* a little initialization as we go */
@@ -120,7 +120,7 @@ static void decode_printer_info_3(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
inf=(PRINTER_INFO_3 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_3)); inf=(PRINTER_INFO_3 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_3));
memset(inf, 0, returned*sizeof(PRINTER_INFO_3)); memset(inf, 0, returned*sizeof(PRINTER_INFO_3));
buffer->prs.data_offset=0; prs_set_offset(&buffer->prs,0);
for (i=0; i<returned; i++) { for (i=0; i<returned; i++) {
inf[i].secdesc = NULL; inf[i].secdesc = NULL;
@@ -181,7 +181,7 @@ static void decode_printer_driver_1(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
inf=(DRIVER_INFO_1 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_1)); inf=(DRIVER_INFO_1 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_1));
memset(inf, 0, returned*sizeof(DRIVER_INFO_1)); memset(inf, 0, returned*sizeof(DRIVER_INFO_1));
buffer->prs.data_offset=0; prs_set_offset(&buffer->prs,0);
for (i=0; i<returned; i++) { for (i=0; i<returned; i++) {
smb_io_printer_driver_info_1("", buffer, &(inf[i]), 0); smb_io_printer_driver_info_1("", buffer, &(inf[i]), 0);
@@ -201,7 +201,7 @@ static void decode_printer_driver_2(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
inf=(DRIVER_INFO_2 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_2)); inf=(DRIVER_INFO_2 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_2));
memset(inf, 0, returned*sizeof(DRIVER_INFO_2)); memset(inf, 0, returned*sizeof(DRIVER_INFO_2));
buffer->prs.data_offset=0; prs_set_offset(&buffer->prs,0);
for (i=0; i<returned; i++) { for (i=0; i<returned; i++) {
smb_io_printer_driver_info_2("", buffer, &(inf[i]), 0); smb_io_printer_driver_info_2("", buffer, &(inf[i]), 0);
@@ -221,7 +221,7 @@ static void decode_printer_driver_3(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
inf=(DRIVER_INFO_3 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_3)); inf=(DRIVER_INFO_3 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_3));
memset(inf, 0, returned*sizeof(DRIVER_INFO_3)); memset(inf, 0, returned*sizeof(DRIVER_INFO_3));
buffer->prs.data_offset=0; prs_set_offset(&buffer->prs,0);
for (i=0; i<returned; i++) { for (i=0; i<returned; i++) {
smb_io_printer_driver_info_3("", buffer, &(inf[i]), 0); smb_io_printer_driver_info_3("", buffer, &(inf[i]), 0);
@@ -1424,7 +1424,7 @@ static void decode_forms_1(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
int i; int i;
*forms = (FORM_1 *)talloc(mem_ctx, num_forms * sizeof(FORM_1)); *forms = (FORM_1 *)talloc(mem_ctx, num_forms * sizeof(FORM_1));
buffer->prs.data_offset = 0; prs_set_offset(&buffer->prs,0);
for (i = 0; i < num_forms; i++) for (i = 0; i < num_forms; i++)
smb_io_form_1("", buffer, &((*forms)[i]), 0); smb_io_form_1("", buffer, &((*forms)[i]), 0);
@@ -1506,7 +1506,7 @@ static void decode_jobs_1(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
uint32 i; uint32 i;
*jobs = (JOB_INFO_1 *)talloc(mem_ctx, num_jobs * sizeof(JOB_INFO_1)); *jobs = (JOB_INFO_1 *)talloc(mem_ctx, num_jobs * sizeof(JOB_INFO_1));
buffer->prs.data_offset = 0; prs_set_offset(&buffer->prs,0);
for (i = 0; i < num_jobs; i++) for (i = 0; i < num_jobs; i++)
smb_io_job_info_1("", buffer, &((*jobs)[i]), 0); smb_io_job_info_1("", buffer, &((*jobs)[i]), 0);
@@ -1518,7 +1518,7 @@ static void decode_jobs_2(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
uint32 i; uint32 i;
*jobs = (JOB_INFO_2 *)talloc(mem_ctx, num_jobs * sizeof(JOB_INFO_2)); *jobs = (JOB_INFO_2 *)talloc(mem_ctx, num_jobs * sizeof(JOB_INFO_2));
buffer->prs.data_offset = 0; prs_set_offset(&buffer->prs,0);
for (i = 0; i < num_jobs; i++) for (i = 0; i < num_jobs; i++)
smb_io_job_info_2("", buffer, &((*jobs)[i]), 0); smb_io_job_info_2("", buffer, &((*jobs)[i]), 0);

28
source/rpc_parse/parse_net.c
View File

@@ -1804,9 +1804,9 @@ static BOOL net_io_sam_domain_info(const char *desc, SAM_DOMAIN_INFO * info,
if (!smb_io_unihdr("hdr_unknown", &info->hdr_unknown, ps, depth)) if (!smb_io_unihdr("hdr_unknown", &info->hdr_unknown, ps, depth))
return False; return False;
if (ps->data_offset + 40 > ps->buffer_size) if (prs_offset(ps) + 40 > prs_data_size(ps))
return False; return False;
ps->data_offset += 40; prs_set_offset(ps, prs_offset(ps) + 40);
if (!smb_io_unistr2("uni_dom_name", &info->uni_dom_name, if (!smb_io_unistr2("uni_dom_name", &info->uni_dom_name,
info->hdr_dom_name.buffer, ps, depth)) info->hdr_dom_name.buffer, ps, depth))
@@ -1843,9 +1843,9 @@ static BOOL net_io_sam_group_info(const char *desc, SAM_GROUP_INFO * info,
if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth)) if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth))
return False; return False;
if (ps->data_offset + 48 > ps->buffer_size) if (prs_offset(ps) + 48 > prs_data_size(ps))
return False; return False;
ps->data_offset += 48; prs_set_offset(ps, prs_offset(ps) + 48);
if (!smb_io_unistr2("uni_grp_name", &info->uni_grp_name, if (!smb_io_unistr2("uni_grp_name", &info->uni_grp_name,
info->hdr_grp_name.buffer, ps, depth)) info->hdr_grp_name.buffer, ps, depth))
@@ -2124,13 +2124,13 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16],
uint32 len = 0x44; uint32 len = 0x44;
if (!prs_uint32("pwd_len", ps, depth, &len)) if (!prs_uint32("pwd_len", ps, depth, &len))
return False; return False;
old_offset = ps->data_offset; old_offset = prs_offset(ps);
if (len == 0x44) if (len == 0x44)
{ {
if (ps->io) if (ps->io)
{ {
/* reading */ /* reading */
if (!prs_hash1(ps, ps->data_offset, sess_key)) if (!prs_hash1(ps, prs_offset(ps), sess_key))
return False; return False;
} }
if (!net_io_sam_passwd_info("pass", &info->pass, if (!net_io_sam_passwd_info("pass", &info->pass,
@@ -2144,9 +2144,9 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16],
return False; return False;
} }
} }
if (old_offset + len > ps->buffer_size) if (old_offset + len > prs_data_size(ps))
return False; return False;
ps->data_offset = old_offset + len; prs_set_offset(ps, old_offset + len);
} }
if (!smb_io_buffer4("buf_sec_desc", &info->buf_sec_desc, if (!smb_io_buffer4("buf_sec_desc", &info->buf_sec_desc,
info->hdr_sec_desc.buffer, ps, depth)) info->hdr_sec_desc.buffer, ps, depth))
@@ -2181,9 +2181,9 @@ static BOOL net_io_sam_group_mem_info(const char *desc, SAM_GROUP_MEM_INFO * inf
if (!prs_uint32("num_members", ps, depth, &info->num_members)) if (!prs_uint32("num_members", ps, depth, &info->num_members))
return False; return False;
if (ps->data_offset + 16 > ps->buffer_size) if (prs_offset(ps) + 16 > prs_data_size(ps))
return False; return False;
ps->data_offset += 16; prs_set_offset(ps, prs_offset(ps) + 16);
if (info->ptr_rids != 0) if (info->ptr_rids != 0)
{ {
@@ -2263,9 +2263,9 @@ static BOOL net_io_sam_alias_info(const char *desc, SAM_ALIAS_INFO * info,
if (!smb_io_unihdr("hdr_als_desc", &info->hdr_als_desc, ps, depth)) if (!smb_io_unihdr("hdr_als_desc", &info->hdr_als_desc, ps, depth))
return False; return False;
if (ps->data_offset + 40 > ps->buffer_size) if (prs_offset(ps) + 40 > prs_data_size(ps))
return False; return False;
ps->data_offset += 40; prs_set_offset(ps, prs_offset(ps) + 40);
if (!smb_io_unistr2("uni_als_name", &info->uni_als_name, if (!smb_io_unistr2("uni_als_name", &info->uni_als_name,
info->hdr_als_name.buffer, ps, depth)) info->hdr_als_name.buffer, ps, depth))
@@ -2300,9 +2300,9 @@ static BOOL net_io_sam_alias_mem_info(const char *desc, SAM_ALIAS_MEM_INFO * inf
if (info->ptr_members != 0) if (info->ptr_members != 0)
{ {
if (ps->data_offset + 16 > ps->buffer_size) if (prs_offset(ps) + 16 > prs_data_size(ps))
return False; return False;
ps->data_offset += 16; prs_set_offset(ps, prs_offset(ps) + 16);
if (!prs_uint32("num_sids", ps, depth, &info->num_sids)) if (!prs_uint32("num_sids", ps, depth, &info->num_sids))
return False; return False;

58
source/rpc_parse/parse_prs.c
View File

@@ -134,6 +134,7 @@ void prs_mem_free(prs_struct *ps)
void prs_mem_clear(prs_struct *ps) void prs_mem_clear(prs_struct *ps)
{ {
if (ps->buffer_size)
memset(ps->data_p, '\0', (size_t)ps->buffer_size); memset(ps->data_p, '\0', (size_t)ps->buffer_size);
} }
@@ -143,11 +144,13 @@ void prs_mem_clear(prs_struct *ps)
char *prs_alloc_mem(prs_struct *ps, size_t size) char *prs_alloc_mem(prs_struct *ps, size_t size)
{ {
char *ret = talloc(ps->mem_ctx, size); char *ret = NULL;
if (size) {
ret = talloc(ps->mem_ctx, size);
if (ret) if (ret)
memset(ret, '\0', size); memset(ret, '\0', size);
}
return ret; return ret;
} }
@@ -357,10 +360,13 @@ BOOL prs_set_offset(prs_struct *ps, uint32 offset)
BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src) BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
{ {
if (prs_offset(src) == 0)
return True;
if(!prs_grow(dst, prs_offset(src))) if(!prs_grow(dst, prs_offset(src)))
return False; return False;
memcpy(&dst->data_p[dst->data_offset], prs_data_p(src), (size_t)prs_offset(src)); memcpy(&dst->data_p[dst->data_offset], src->data_p, (size_t)prs_offset(src));
dst->data_offset += prs_offset(src); dst->data_offset += prs_offset(src);
return True; return True;
@@ -378,7 +384,7 @@ BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uin
if(!prs_grow(dst, len)) if(!prs_grow(dst, len))
return False; return False;
memcpy(&dst->data_p[dst->data_offset], prs_data_p(src)+start, (size_t)len); memcpy(&dst->data_p[dst->data_offset], src->data_p + start, (size_t)len);
dst->data_offset += len; dst->data_offset += len;
return True; return True;
@@ -388,8 +394,11 @@ BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uin
Append the data from a buffer into a parse_struct. Append the data from a buffer into a parse_struct.
********************************************************************/ ********************************************************************/
BOOL prs_append_data(prs_struct *dst, char *src, uint32 len) BOOL prs_copy_data_in(prs_struct *dst, char *src, uint32 len)
{ {
if (len == 0)
return True;
if(!prs_grow(dst, len)) if(!prs_grow(dst, len))
return False; return False;
@@ -399,6 +408,39 @@ BOOL prs_append_data(prs_struct *dst, char *src, uint32 len)
return True; return True;
} }
/*******************************************************************
Copy some data from a parse_struct into a buffer.
********************************************************************/
BOOL prs_copy_data_out(char *dst, prs_struct *src, uint32 len)
{
if (len == 0)
return True;
if(!prs_mem_get(src, len))
return False;
memcpy(dst, &src->data_p[src->data_offset], (size_t)len);
src->data_offset += len;
return True;
}
/*******************************************************************
Copy all the data from a parse_struct into a buffer.
********************************************************************/
BOOL prs_copy_all_data_out(char *dst, prs_struct *src)
{
uint32 len = prs_offset(src);
if (!len)
return True;
prs_set_offset(src, 0);
return prs_copy_data_out(dst, src, len);
}
/******************************************************************* /*******************************************************************
Set the data as X-endian (external interface). Set the data as X-endian (external interface).
********************************************************************/ ********************************************************************/
@@ -1049,7 +1091,7 @@ BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
else { /* unmarshalling */ else { /* unmarshalling */
uint32 alloc_len = 0; uint32 alloc_len = 0;
q = prs_data_p(ps) + prs_offset(ps); q = ps->data_p + prs_offset(ps);
/* /*
* Work out how much space we need and talloc it. * Work out how much space we need and talloc it.
@@ -1242,7 +1284,7 @@ int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps)
TDB_DATA kbuf, dbuf; TDB_DATA kbuf, dbuf;
kbuf.dptr = keystr; kbuf.dptr = keystr;
kbuf.dsize = strlen(keystr)+1; kbuf.dsize = strlen(keystr)+1;
dbuf.dptr = prs_data_p(ps); dbuf.dptr = ps->data_p;
dbuf.dsize = prs_offset(ps); dbuf.dsize = prs_offset(ps);
return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE); return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
} }
@@ -1272,7 +1314,7 @@ BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16])
{ {
char *q; char *q;
q = prs_data_p(ps); q = ps->data_p;
q = &q[offset]; q = &q[offset];
#ifdef DEBUG_PASSWORD #ifdef DEBUG_PASSWORD

8
source/rpc_parse/parse_sec.c
View File

@@ -782,7 +782,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth)
if (psd->off_owner_sid != 0) { if (psd->off_owner_sid != 0) {
tmp_offset = ps->data_offset; tmp_offset = prs_offset(ps);
if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) if(!prs_set_offset(ps, old_offset + psd->off_owner_sid))
return False; return False;
@@ -803,7 +803,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth)
if (psd->off_grp_sid != 0) { if (psd->off_grp_sid != 0) {
tmp_offset = ps->data_offset; tmp_offset = prs_offset(ps);
if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) if(!prs_set_offset(ps, old_offset + psd->off_grp_sid))
return False; return False;
@@ -823,7 +823,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth)
} }
if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) { if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) {
tmp_offset = ps->data_offset; tmp_offset = prs_offset(ps);
if(!prs_set_offset(ps, old_offset + psd->off_sacl)) if(!prs_set_offset(ps, old_offset + psd->off_sacl))
return False; return False;
if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) if(!sec_io_acl("sacl", &psd->sacl, ps, depth))
@@ -835,7 +835,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth)
if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) {
tmp_offset = ps->data_offset; tmp_offset = prs_offset(ps);
if(!prs_set_offset(ps, old_offset + psd->off_dacl)) if(!prs_set_offset(ps, old_offset + psd->off_dacl))
return False; return False;
if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) if(!sec_io_acl("dacl", &psd->dacl, ps, depth))

26
source/rpc_server/srv_pipe.c
View File

@@ -84,8 +84,6 @@ BOOL create_next_pdu(pipes_struct *p)
uint32 data_space_available; uint32 data_space_available;
uint32 data_len_left; uint32 data_len_left;
prs_struct outgoing_pdu; prs_struct outgoing_pdu;
char *data;
char *data_from;
uint32 data_pos; uint32 data_pos;
/* /*
@@ -187,26 +185,26 @@ BOOL create_next_pdu(pipes_struct *p)
data_pos = prs_offset(&outgoing_pdu); data_pos = prs_offset(&outgoing_pdu);
/* Copy the data into the PDU. */ /* Copy the data into the PDU. */
data_from = prs_data_p(&p->out_data.rdata) + p->out_data.data_sent_length;
if(!prs_append_data(&outgoing_pdu, data_from, data_len)) { if(!prs_append_some_prs_data(&outgoing_pdu, &p->out_data.rdata, p->out_data.data_sent_length, data_len)) {
DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len)); DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len));
prs_mem_free(&outgoing_pdu); prs_mem_free(&outgoing_pdu);
return False; return False;
} }
if (p->hdr.auth_len > 0) {
uint32 crc32 = 0;
char *data;
DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n",
BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, p->hdr.auth_len));
/* /*
* Set data to point to where we copied the data into. * Set data to point to where we copied the data into.
*/ */
data = prs_data_p(&outgoing_pdu) + data_pos; data = prs_data_p(&outgoing_pdu) + data_pos;
if (p->hdr.auth_len > 0) {
uint32 crc32 = 0;
DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n",
BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, p->hdr.auth_len));
if (auth_seal) { if (auth_seal) {
crc32 = crc32_calc_buffer(data, data_len); crc32 = crc32_calc_buffer(data, data_len);
NTLMSSPcalc_p(p, (uchar*)data, data_len); NTLMSSPcalc_p(p, (uchar*)data, data_len);
@@ -1389,17 +1387,15 @@ BOOL api_rpcTNP(pipes_struct *p, const char *rpc_name,
/* Check for buffer underflow in rpc parsing */ /* Check for buffer underflow in rpc parsing */
if ((DEBUGLEVEL >= 10) && if ((DEBUGLEVEL >= 10) &&
(p->in_data.data.data_offset != p->in_data.data.buffer_size)) { (prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) {
int data_len = p->in_data.data.buffer_size - size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data);
p->in_data.data.data_offset;
char *data; char *data;
data = malloc(data_len); data = malloc(data_len);
DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n")); DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
if (data) { if (data) {
prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, (uint32)data_len);
data_len);
SAFE_FREE(data); SAFE_FREE(data);
} }

7
source/rpc_server/srv_pipe_hnd.c
View File

@@ -618,18 +618,13 @@ authentication failed. Denying the request.\n", p->name));
* Append the data portion into the buffer and return. * Append the data portion into the buffer and return.
*/ */
{ if(!prs_append_some_prs_data(&p->in_data.data, rpc_in_p, prs_offset(rpc_in_p), data_len)) {
char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n", DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
(unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) )); (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
set_incoming_fault(p); set_incoming_fault(p);
return False; return False;
} }
}
if(p->hdr.flags & RPC_FLG_LAST) { if(p->hdr.flags & RPC_FLG_LAST) {
BOOL ret = False; BOOL ret = False;
/* /*

5
source/rpc_server/srv_spoolss_nt.c
View File

@@ -706,10 +706,9 @@ static void notify_system_time(struct spoolss_notify_msg *msg,
return; return;
data->notify_data.data.length = prs_offset(&ps); data->notify_data.data.length = prs_offset(&ps);
data->notify_data.data.string = data->notify_data.data.string = talloc(mem_ctx, prs_offset(&ps));
talloc(mem_ctx, prs_offset(&ps));
memcpy(data->notify_data.data.string, prs_data_p(&ps), prs_offset(&ps)); prs_copy_all_data_out((char *)data->notify_data.data.string, &ps);
prs_mem_free(&ps); prs_mem_free(&ps);
} }