sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

librpc/tools: correctly validate relative pointers in ndrdump

Browse Source 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2016-01-06 13:28:02 +01:00 committed by Andrew Bartlett
parent 3076b1ed44
commit 582f506655
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
librpc/tools/ndrdump.c
View File

@ -463,7 +463,7 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...)
} }
if (dumpdata) { if (dumpdata) {
printf("%d bytes consumed\n", ndr_pull->offset); printf("%d bytes consumed\n", highest_ofs);
ndrdump_data(blob.data, blob.length, dumpdata); ndrdump_data(blob.data, blob.length, dumpdata);
} }
@ -487,6 +487,7 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...)
struct ndr_push *ndr_v_push; struct ndr_push *ndr_v_push;
struct ndr_pull *ndr_v_pull; struct ndr_pull *ndr_v_pull;
struct ndr_print *ndr_v_print; struct ndr_print *ndr_v_print;
uint32_t highest_v_ofs;
uint32_t i; uint32_t i;
uint8_t byte_a, byte_b; uint8_t byte_a, byte_b;
bool differ; bool differ;
@ -523,11 +524,17 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...)
exit(1); exit(1);
} }
if (ndr_v_pull->offset > ndr_v_pull->relative_highest_offset) {
highest_v_ofs = ndr_v_pull->offset;
} else {
highest_v_ofs = ndr_v_pull->relative_highest_offset;
}
if (ndr_v_pull->offset != ndr_v_pull->data_size) { if (highest_v_ofs != ndr_v_pull->data_size) {
printf("WARNING! %d unread bytes in validation\n", ndr_v_pull->data_size - ndr_v_pull->offset); printf("WARNING! %d unread bytes in validation\n",
ndrdump_data(ndr_v_pull->data+ndr_v_pull->offset, ndr_v_pull->data_size - highest_v_ofs);
ndr_v_pull->data_size - ndr_v_pull->offset, ndrdump_data(ndr_v_pull->data + highest_v_ofs,
ndr_v_pull->data_size - highest_v_ofs,
dumpdata); dumpdata);
} }
@ -541,9 +548,9 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...)
(unsigned long long)blob.length, (unsigned long long)v_blob.length); (unsigned long long)blob.length, (unsigned long long)v_blob.length);
} }
if (ndr_pull->offset != ndr_v_pull->offset) { if (highest_ofs != highest_v_ofs) {
printf("WARNING! orig pulled bytes:%llu validated pulled bytes:%llu\n", printf("WARNING! orig pulled bytes:%llu validated pulled bytes:%llu\n",
(unsigned long long)ndr_pull->offset, (unsigned long long)ndr_v_pull->offset); (unsigned long long)highest_ofs, (unsigned long long)highest_v_ofs);
} }
differ = false; differ = false;