sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-27 14:04:05 +03:00
Code

s4-rpc: paranoid check for auth_length

Browse Source 
This is not strictly needed as the ndr_pull_advance() checks it a few
lines further down, but I want to save Jeremy getting more grey hairs :-)
This commit is contained in:
Andrew Tridgell 2010-02-17 10:23:14 +11:00
parent 77fc30b481
commit eb8800e611
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
source4/librpc/rpc/dcerpc_util.c
View File

@ -781,6 +781,17 @@ NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt,
uint32_t pad;
pad = pkt_auth_blob->length - (DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length);
/* paranoia check for pad size. This would be caught anyway by
the ndr_pull_advance() a few lines down, but it scared
Jeremy enough for him to call me, so we might as well check
it now, just to prevent someone posting a bogus YouTube
video in the future.
*/
if (pad > pkt_auth_blob->length) {
return NT_STATUS_INFO_LENGTH_MISMATCH;
}
*auth_length = pkt_auth_blob->length - pad;
ndr = ndr_pull_init_blob(pkt_auth_blob, mem_ctx, NULL);