mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Move cli_trans_oob to lib/util.c
Rename it to trans_oob, it will be used in the server routines.
This commit is contained in:
parent
738271fc20
commit
9a3be6f0f8
@ -1251,6 +1251,7 @@ char *procid_str_static(const struct server_id *pid);
|
||||
bool procid_valid(const struct server_id *pid);
|
||||
bool procid_is_local(const struct server_id *pid);
|
||||
int this_is_smp(void);
|
||||
bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length);
|
||||
bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off);
|
||||
char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
|
||||
char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
|
||||
|
@ -2878,6 +2878,25 @@ int this_is_smp(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
Check if offset/length fit into bufsize. Should probably be
|
||||
merged with is_offset_safe, but this would require a rewrite
|
||||
of lanman.c. Later :-)
|
||||
****************************************************************/
|
||||
|
||||
bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
|
||||
{
|
||||
if ((offset + length < offset) || (offset + length < length)) {
|
||||
/* wrap */
|
||||
return true;
|
||||
}
|
||||
if ((offset > bufsize) || (offset + length > bufsize)) {
|
||||
/* overflow */
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
Check if an offset into a buffer is safe.
|
||||
If this returns True it's safe to indirect into the byte at
|
||||
|
@ -978,19 +978,6 @@ static void cli_trans_ship_rest(struct async_req *req,
|
||||
}
|
||||
}
|
||||
|
||||
static bool cli_trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
|
||||
{
|
||||
if ((offset + length < offset) || (offset + length < length)) {
|
||||
/* wrap */
|
||||
return true;
|
||||
}
|
||||
if ((offset > bufsize) || (offset + length > bufsize)) {
|
||||
/* overflow */
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
static NTSTATUS cli_pull_trans(struct async_req *req,
|
||||
struct cli_request *cli_req,
|
||||
uint8_t smb_cmd, bool expect_first_reply,
|
||||
@ -1072,10 +1059,10 @@ static NTSTATUS cli_pull_trans(struct async_req *req,
|
||||
* length. Likewise for param_ofs/param_disp.
|
||||
*/
|
||||
|
||||
if (cli_trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param)
|
||||
|| cli_trans_oob(*ptotal_param, *pparam_disp, *pnum_param)
|
||||
|| cli_trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data)
|
||||
|| cli_trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) {
|
||||
if (trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param)
|
||||
|| trans_oob(*ptotal_param, *pparam_disp, *pnum_param)
|
||||
|| trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data)
|
||||
|| trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) {
|
||||
return NT_STATUS_INVALID_NETWORK_RESPONSE;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user