sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

librpc/tools: correctly validate relative pointers in ndrdump

Browse Source 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2016-01-06 13:28:02 +01:00 committed by Andrew Bartlett
parent 3076b1ed44
commit 582f506655
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
librpc/tools/ndrdump.c
View File

@ -463,7 +463,7 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...)
}
if (dumpdata) {
printf("%d bytes consumed\n", ndr_pull->offset);
printf("%d bytes consumed\n", highest_ofs);
ndrdump_data(blob.data, blob.length, dumpdata);
}
@ -487,6 +487,7 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...)
struct ndr_push *ndr_v_push;
struct ndr_pull *ndr_v_pull;
struct ndr_print *ndr_v_print;
uint32_t highest_v_ofs;
uint32_t i;
uint8_t byte_a, byte_b;
bool differ;
@ -523,11 +524,17 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...)
exit(1);
}
if (ndr_v_pull->offset > ndr_v_pull->relative_highest_offset) {
highest_v_ofs = ndr_v_pull->offset;
} else {
highest_v_ofs = ndr_v_pull->relative_highest_offset;
}
if (ndr_v_pull->offset != ndr_v_pull->data_size) {
printf("WARNING! %d unread bytes in validation\n", ndr_v_pull->data_size - ndr_v_pull->offset);
ndrdump_data(ndr_v_pull->data+ndr_v_pull->offset,
ndr_v_pull->data_size - ndr_v_pull->offset,
if (highest_v_ofs != ndr_v_pull->data_size) {
printf("WARNING! %d unread bytes in validation\n",
ndr_v_pull->data_size - highest_v_ofs);
ndrdump_data(ndr_v_pull->data + highest_v_ofs,
ndr_v_pull->data_size - highest_v_ofs,
dumpdata);
}
@ -541,9 +548,9 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...)
(unsigned long long)blob.length, (unsigned long long)v_blob.length);
}
if (ndr_pull->offset != ndr_v_pull->offset) {
if (highest_ofs != highest_v_ofs) {
printf("WARNING! orig pulled bytes:%llu validated pulled bytes:%llu\n",
(unsigned long long)ndr_pull->offset, (unsigned long long)ndr_v_pull->offset);
(unsigned long long)highest_ofs, (unsigned long long)highest_v_ofs);
}
differ = false;