1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00
samba-mirror/librpc/idl/witness.idl
Stefan Metzmacher 8cce23acb9 witness.idl: fix length calculation for witness_IPaddrInfoList
If r->num is 0, we should not dereference r->addr.

Using ndr_size_witness_IPaddrInfoList() also make this much simpler
and avoids the magic 12.

Credit Oss-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22175
REF: https://oss-fuzz.com/testcase-detail/5686294157197312

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-07-08 09:30:40 +00:00

153 lines
4.6 KiB
Plaintext

#include "idl_types.h"
import "misc.idl";
[
uuid("ccd8c074-d0e5-4a40-92b4-d074faa6ba28"),
version(1.1),
pointer_default(unique),
helpstring("SMB Witness Service"),
helper("../librpc/ndr/ndr_witness.h"),
endpoint("ncacn_ip_tcp:")
]
interface witness
{
typedef [v1_enum] enum {
WITNESS_V1 = 0x00010001,
WITNESS_V2 = 0x00020000,
WITNESS_UNSPECIFIED_VERSION = 0xFFFFFFFF
} witness_version;
/*****************/
/* Function 0x00 */
typedef [enum16bit] enum {
WITNESS_STATE_UNKNOWN = 0x00,
WITNESS_STATE_AVAILABLE = 0x01,
WITNESS_STATE_UNAVAILABLE = 0xff
} witness_interfaceInfo_state;
typedef [bitmap32bit] bitmap {
WITNESS_INFO_IPv4_VALID = 0x01,
WITNESS_INFO_IPv6_VALID = 0x02,
WITNESS_INFO_WITNESS_IF = 0x04
} witness_interfaceInfo_flags;
typedef struct {
[charset(UTF16),to_null] uint16 group_name[260];
witness_version version;
witness_interfaceInfo_state state;
[flag(NDR_BIG_ENDIAN)] ipv4address ipv4;
[flag(NDR_BIG_ENDIAN)] ipv6address ipv6;
witness_interfaceInfo_flags flags;
} witness_interfaceInfo;
typedef struct {
uint32 num_interfaces;
[size_is(num_interfaces)] witness_interfaceInfo *interfaces;
} witness_interfaceList;
[public] WERROR witness_GetInterfaceList(
[out] witness_interfaceList **interface_list
);
/*****************/
/* Function 0x01 */
[public] WERROR witness_Register(
[out,ref] policy_handle *context_handle,
[in] witness_version version,
[in,unique,string,charset(UTF16)] uint16 *net_name,
[in,unique,string,charset(UTF16)] uint16 *ip_address,
[in,unique,string,charset(UTF16)] uint16 *client_computer_name
);
/*****************/
/* Function 0x02 */
[public] WERROR witness_UnRegister(
[in] policy_handle context_handle
);
/*****************/
/* Function 0x03 */
typedef [v1_enum,public] enum {
WITNESS_NOTIFY_RESOURCE_CHANGE = 1,
WITNESS_NOTIFY_CLIENT_MOVE = 2,
WITNESS_NOTIFY_SHARE_MOVE = 3,
WITNESS_NOTIFY_IP_CHANGE = 4
} witness_notifyResponse_type;
typedef [v1_enum] enum {
WITNESS_RESOURCE_STATE_UNKNOWN = 0x00,
WITNESS_RESOURCE_STATE_AVAILABLE = 0x01,
WITNESS_RESOURCE_STATE_UNAVAILABLE = 0xff
} witness_ResourceChange_type;
typedef [flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN),gensize,public] struct {
[value(ndr_size_witness_ResourceChange(r,ndr->flags))] uint32 length;
witness_ResourceChange_type type;
nstring name;
} witness_ResourceChange;
typedef [bitmap32bit] bitmap {
WITNESS_IPADDR_V4 = 0x01,
WITNESS_IPADDR_V6 = 0x02,
WITNESS_IPADDR_ONLINE = 0x08,
WITNESS_IPADDR_OFFLINE = 0x10
} witness_IPaddrInfo_flags;
typedef [flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN)] struct {
witness_IPaddrInfo_flags flags;
[flag(NDR_BIG_ENDIAN)] ipv4address ipv4;
[flag(NDR_BIG_ENDIAN)] ipv6address ipv6;
} witness_IPaddrInfo;
typedef [public,flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN),gensize] struct {
[value(ndr_size_witness_IPaddrInfoList(r, ndr->flags))] uint32 length;
[value(0)] uint32 reserved;
uint32 num;
witness_IPaddrInfo addr[num];
} witness_IPaddrInfoList;
typedef [public,switch_type(witness_notifyResponse_type),nodiscriminant, flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN)] union {
[case(WITNESS_NOTIFY_RESOURCE_CHANGE)] witness_ResourceChange resource_change;
[case(WITNESS_NOTIFY_CLIENT_MOVE)] witness_IPaddrInfoList client_move;
[case(WITNESS_NOTIFY_SHARE_MOVE)] witness_IPaddrInfoList share_move;
[case(WITNESS_NOTIFY_IP_CHANGE)] witness_IPaddrInfoList ip_change;
[default,flag(NDR_REMAINING)] DATA_BLOB data;
} witness_notifyResponse_message;
typedef [flag(NDR_PAHEX),gensize,public,nopush,nopull] struct {
witness_notifyResponse_type type;
[value(ndr_size_witness_notifyResponse(r, ndr->flags)-20)] uint32 length;
uint32 num;
[subcontext(4), subcontext_size(length), flag(NDR_REMAINING), switch_is(type), size_is(num)] witness_notifyResponse_message *messages;
} witness_notifyResponse;
[public] WERROR witness_AsyncNotify(
[in] policy_handle context_handle,
[out] witness_notifyResponse **response
);
/*****************/
/* Function 0x04 */
typedef [bitmap32bit] bitmap {
WITNESS_REGISTER_NONE = 0x00,
WITNESS_REGISTER_IP_NOTIFICATION = 0x01
} witness_RegisterEx_flags;
WERROR witness_RegisterEx(
[out,ref] policy_handle *context_handle,
[in] witness_version version,
[in,unique,string,charset(UTF16)] uint16 *net_name,
[in,unique,string,charset(UTF16)] uint16 *share_name,
[in,unique,string,charset(UTF16)] uint16 *ip_address,
[in,unique,string,charset(UTF16)] uint16 *client_computer_name,
[in] witness_RegisterEx_flags flags,
[in] uint32 timeout
);
}