mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Move cli_trans_oob to lib/util.c

Rename it to trans_oob, it will be used in the server routines.
Volker Lendecke 2008-11-08 16:48:20 +01:00
parent 738271fc20
commit 9a3be6f0f8
3 changed files with 24 additions and 17 deletions


@ -1251,6 +1251,7 @@ char *procid_str_static(const struct server_id *pid);
bool procid_valid(const struct server_id *pid);
bool procid_is_local(const struct server_id *pid);
int this_is_smp(void);
bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length);
bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off);
char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);


@ -2878,6 +2878,25 @@ int this_is_smp(void)
#endif
}
/****************************************************************
Check if offset/length fit into bufsize. Should probably be
merged with is_offset_safe, but this would require a rewrite
of lanman.c. Later :-)
****************************************************************/
bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
{
if ((offset + length < offset) || (offset + length < length)) {
/* wrap */
return true;
}
if ((offset > bufsize) || (offset + length > bufsize)) {
/* overflow */
return true;
}
return false;
}
/****************************************************************
Check if an offset into a buffer is safe.
If this returns True it's safe to indirect into the byte at
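Review bot: The header comment on trans_oob does not state its return convention, which is the opposite of is_offset_safe directly below it: trans_oob returns true when the range is out of bounds, while the is_offset_safe comment says True means safe. Now that the function is exported for the server routines, a caller who confuses the two would accept exactly the offsets that should be rejected. I would add to the comment `Returns true if offset/length wrap or do not fit into bufsize, false if the range fits (offset == bufsize with length 0 is accepted).` Separately, both tests could be written without the addition as `return (offset > bufsize) || (length > bufsize - offset);`, which cannot wrap and gives the same result for every input.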


@ -978,19 +978,6 @@ static void cli_trans_ship_rest(struct async_req *req,
}
}
static bool cli_trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
{
if ((offset + length < offset) || (offset + length < length)) {
/* wrap */
return true;
}
if ((offset > bufsize) || (offset + length > bufsize)) {
/* overflow */
return true;
}
return false;
}
static NTSTATUS cli_pull_trans(struct async_req *req,
struct cli_request *cli_req,
uint8_t smb_cmd, bool expect_first_reply,
@ -1072,10 +1059,10 @@ static NTSTATUS cli_pull_trans(struct async_req *req,
* length. Likewise for param_ofs/param_disp.
*/
if (cli_trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param)
|| cli_trans_oob(*ptotal_param, *pparam_disp, *pnum_param)
|| cli_trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data)
|| cli_trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) {
if (trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param)
|| trans_oob(*ptotal_param, *pparam_disp, *pnum_param)
|| trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data)
|| trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) {
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}