mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
ctdb-protocol: Add checks to validate data on wire before unmarshaling
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Volker Lendecke <vl@samba.org>
This commit is contained in:
parent
e17396442a
commit
dcd1a43b8c
@ -123,6 +123,15 @@ int ctdb_req_call_pull(uint8_t *buf, size_t buflen,
|
||||
if (buflen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (wire->keylen > buflen || wire->calldatalen > buflen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->keylen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->keylen + wire->calldatalen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (buflen < length + wire->keylen + wire->calldatalen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
@ -197,6 +206,12 @@ int ctdb_reply_call_pull(uint8_t *buf, size_t buflen,
|
||||
if (buflen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (wire->datalen > buflen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->datalen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (buflen < length + wire->datalen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
@ -262,6 +277,12 @@ int ctdb_reply_error_pull(uint8_t *buf, size_t buflen,
|
||||
if (buflen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (wire->msglen > buflen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->msglen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (buflen < length + wire->msglen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
@ -331,6 +352,15 @@ int ctdb_req_dmaster_pull(uint8_t *buf, size_t buflen,
|
||||
if (buflen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (wire->keylen > buflen || wire->datalen > buflen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->keylen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->keylen + wire->datalen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (buflen < length + wire->keylen + wire->datalen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
@ -408,6 +438,15 @@ int ctdb_reply_dmaster_pull(uint8_t *buf, size_t buflen,
|
||||
if (buflen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (wire->keylen > buflen || wire->datalen > buflen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->keylen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->keylen + wire->datalen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (buflen < length + wire->keylen + wire->datalen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
|
@ -1924,6 +1924,12 @@ int ctdb_req_control_pull(uint8_t *buf, size_t buflen,
|
||||
if (buflen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (wire->datalen > buflen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->datalen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (buflen < length + wire->datalen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
@ -2005,6 +2011,15 @@ int ctdb_reply_control_pull(uint8_t *buf, size_t buflen, uint32_t opcode,
|
||||
if (buflen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (wire->datalen > buflen || wire->errorlen > buflen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->datalen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->datalen + wire->errorlen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (buflen < length + wire->datalen + wire->errorlen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
|
@ -325,6 +325,12 @@ int ctdb_req_message_pull(uint8_t *buf, size_t buflen,
|
||||
if (buflen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (wire->datalen > buflen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->datalen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (buflen < length + wire->datalen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
@ -387,6 +393,12 @@ int ctdb_req_message_data_pull(uint8_t *buf, size_t buflen,
|
||||
if (buflen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (wire->datalen > buflen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (length + wire->datalen < length) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
if (buflen < length + wire->datalen) {
|
||||
return EMSGSIZE;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user