sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-24 21:49:29 +03:00
Code Activity

* fixed null terminated string handling

Browse Source 
* fixed nested relative offsets in push functions

the spoolss torture test now passes!
This commit is contained in:
Andrew Tridgell
-
parent 4aea2d79dd
commit 60ced76160
4 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source/librpc/ndr/ndr.c
View File

@ -727,7 +727,7 @@ NTSTATUS ndr_push_relative(struct ndr_push *ndr, int ndr_flags, const void *p,
NDR_CHECK(ndr_push_align(ndr, 8));
ndr_push_save(ndr, &save);
ndr->offset = ofs->offset;
NDR_CHECK(ndr_push_uint32(ndr, save.offset + ndr->ofs_list->offset));
NDR_CHECK(ndr_push_uint32(ndr, save.offset - ndr->ofs_list->offset));
ndr_push_restore(ndr, &save);
NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
}

9
source/librpc/ndr/ndr_basic.c
View File

@ -397,15 +397,20 @@ NTSTATUS ndr_pull_string(struct ndr_pull *ndr, int ndr_flags, const char **s)
break;
case LIBNDR_FLAG_STR_NULLTERM:
len1 = strnlen_w(ndr->data+ndr->offset,
(ndr->data_size - ndr->offset)/2);
if (len1*2+2 <= ndr->data_size - ndr->offset) {
len1++;
}
ret = convert_string_talloc(ndr->mem_ctx, CH_UCS2, CH_UNIX,
ndr->data+ndr->offset,
ndr->data_size - ndr->offset,
len1*2,
(const void **)s);
if (ret == -1) {
return ndr_pull_error(ndr, NDR_ERR_CHARCNV,
"Bad character conversion");
}
NDR_CHECK(ndr_pull_advance(ndr, ret));
NDR_CHECK(ndr_pull_advance(ndr, len1*2));
break;
case LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_LEN4|LIBNDR_FLAG_STR_SIZE4:

14
source/librpc/rpc/dcerpc.c
View File

@ -761,7 +761,7 @@ static NTSTATUS dcerpc_ndr_validate_in(TALLOC_CTX *mem_ctx,
status = ndr_pull(pull, NDR_IN, st);
if (!NT_STATUS_IS_OK(status)) {
return ndr_pull_error(pull, NDR_ERR_VALIDATE,
"Error in input validation pull - %s",
"failed input validation pull - %s",
nt_errstr(status));
}
@ -773,7 +773,7 @@ static NTSTATUS dcerpc_ndr_validate_in(TALLOC_CTX *mem_ctx,
status = ndr_push(push, NDR_IN, st);
if (!NT_STATUS_IS_OK(status)) {
return ndr_push_error(push, NDR_ERR_VALIDATE,
"Error in input validation push - %s",
"failed input validation push - %s",
nt_errstr(status));
}
@ -785,7 +785,7 @@ static NTSTATUS dcerpc_ndr_validate_in(TALLOC_CTX *mem_ctx,
DEBUG(3,("secondary:\n"));
dump_data(3, blob2.data, blob2.length);
return ndr_push_error(push, NDR_ERR_VALIDATE,
"Error in input validation data - %s",
"failed input validation data - %s",
nt_errstr(status));
}
@ -825,7 +825,7 @@ static NTSTATUS dcerpc_ndr_validate_out(TALLOC_CTX *mem_ctx,
status = ndr_push(push, NDR_OUT, struct_ptr);
if (!NT_STATUS_IS_OK(status)) {
return ndr_push_error(push, NDR_ERR_VALIDATE,
"Error in output validation push - %s",
"failed output validation push - %s",
nt_errstr(status));
}
@ -840,7 +840,7 @@ static NTSTATUS dcerpc_ndr_validate_out(TALLOC_CTX *mem_ctx,
status = ndr_pull(pull, NDR_OUT, st);
if (!NT_STATUS_IS_OK(status)) {
return ndr_pull_error(pull, NDR_ERR_VALIDATE,
"Error in output validation pull - %s",
"failed output validation pull - %s",
nt_errstr(status));
}
@ -852,7 +852,7 @@ static NTSTATUS dcerpc_ndr_validate_out(TALLOC_CTX *mem_ctx,
status = ndr_push(push, NDR_OUT, st);
if (!NT_STATUS_IS_OK(status)) {
return ndr_push_error(push, NDR_ERR_VALIDATE,
"Error in output validation push2 - %s",
"failed output validation push2 - %s",
nt_errstr(status));
}
@ -864,7 +864,7 @@ static NTSTATUS dcerpc_ndr_validate_out(TALLOC_CTX *mem_ctx,
DEBUG(3,("secondary:\n"));
dump_data(3, blob2.data, blob2.length);
return ndr_push_error(push, NDR_ERR_VALIDATE,
"Error in output validation data - %s",
"failed output validation data - %s",
nt_errstr(status));
}

2
source/torture/rpc/spoolss.c
View File

@ -164,7 +164,7 @@ static BOOL test_OpenPrinter(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
ret = False;
}
return False;
return ret;
}
static BOOL test_OpenPrinterEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,