1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

ctdb-protocol: Add checks to validate data on wire before unmarshaling

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
This commit is contained in:
Amitay Isaacs 2016-05-03 12:53:24 +10:00 committed by Volker Lendecke
parent e17396442a
commit dcd1a43b8c
3 changed files with 66 additions and 0 deletions

View File

@ -123,6 +123,15 @@ int ctdb_req_call_pull(uint8_t *buf, size_t buflen,
if (buflen < length) {
return EMSGSIZE;
}
if (wire->keylen > buflen || wire->calldatalen > buflen) {
return EMSGSIZE;
}
if (length + wire->keylen < length) {
return EMSGSIZE;
}
if (length + wire->keylen + wire->calldatalen < length) {
return EMSGSIZE;
}
if (buflen < length + wire->keylen + wire->calldatalen) {
return EMSGSIZE;
}
@ -197,6 +206,12 @@ int ctdb_reply_call_pull(uint8_t *buf, size_t buflen,
if (buflen < length) {
return EMSGSIZE;
}
if (wire->datalen > buflen) {
return EMSGSIZE;
}
if (length + wire->datalen < length) {
return EMSGSIZE;
}
if (buflen < length + wire->datalen) {
return EMSGSIZE;
}
@ -262,6 +277,12 @@ int ctdb_reply_error_pull(uint8_t *buf, size_t buflen,
if (buflen < length) {
return EMSGSIZE;
}
if (wire->msglen > buflen) {
return EMSGSIZE;
}
if (length + wire->msglen < length) {
return EMSGSIZE;
}
if (buflen < length + wire->msglen) {
return EMSGSIZE;
}
@ -331,6 +352,15 @@ int ctdb_req_dmaster_pull(uint8_t *buf, size_t buflen,
if (buflen < length) {
return EMSGSIZE;
}
if (wire->keylen > buflen || wire->datalen > buflen) {
return EMSGSIZE;
}
if (length + wire->keylen < length) {
return EMSGSIZE;
}
if (length + wire->keylen + wire->datalen < length) {
return EMSGSIZE;
}
if (buflen < length + wire->keylen + wire->datalen) {
return EMSGSIZE;
}
@ -408,6 +438,15 @@ int ctdb_reply_dmaster_pull(uint8_t *buf, size_t buflen,
if (buflen < length) {
return EMSGSIZE;
}
if (wire->keylen > buflen || wire->datalen > buflen) {
return EMSGSIZE;
}
if (length + wire->keylen < length) {
return EMSGSIZE;
}
if (length + wire->keylen + wire->datalen < length) {
return EMSGSIZE;
}
if (buflen < length + wire->keylen + wire->datalen) {
return EMSGSIZE;
}

View File

@ -1924,6 +1924,12 @@ int ctdb_req_control_pull(uint8_t *buf, size_t buflen,
if (buflen < length) {
return EMSGSIZE;
}
if (wire->datalen > buflen) {
return EMSGSIZE;
}
if (length + wire->datalen < length) {
return EMSGSIZE;
}
if (buflen < length + wire->datalen) {
return EMSGSIZE;
}
@ -2005,6 +2011,15 @@ int ctdb_reply_control_pull(uint8_t *buf, size_t buflen, uint32_t opcode,
if (buflen < length) {
return EMSGSIZE;
}
if (wire->datalen > buflen || wire->errorlen > buflen) {
return EMSGSIZE;
}
if (length + wire->datalen < length) {
return EMSGSIZE;
}
if (length + wire->datalen + wire->errorlen < length) {
return EMSGSIZE;
}
if (buflen < length + wire->datalen + wire->errorlen) {
return EMSGSIZE;
}

View File

@ -325,6 +325,12 @@ int ctdb_req_message_pull(uint8_t *buf, size_t buflen,
if (buflen < length) {
return EMSGSIZE;
}
if (wire->datalen > buflen) {
return EMSGSIZE;
}
if (length + wire->datalen < length) {
return EMSGSIZE;
}
if (buflen < length + wire->datalen) {
return EMSGSIZE;
}
@ -387,6 +393,12 @@ int ctdb_req_message_data_pull(uint8_t *buf, size_t buflen,
if (buflen < length) {
return EMSGSIZE;
}
if (wire->datalen > buflen) {
return EMSGSIZE;
}
if (length + wire->datalen < length) {
return EMSGSIZE;
}
if (buflen < length + wire->datalen) {
return EMSGSIZE;
}