sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-27 14:04:05 +03:00
Code
samba-mirror/librpc/ndr
History
Joseph Sutton 47b6696dcd librpc:ndr: Fix overflow in ndr_push_expand 
If ‘size’ was equal to UINT32_MAX, the expression ‘size+1’ could
overflow to zero.

This could result in inadequate memory being allocated, which could
cause ndr_pull_compression_xpress_huff_raw_chunk() to overflow memory
with zero bytes.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57728

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15415

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-07 00:17:31 +00:00
..
libndr.h
librpc/ndr: Implement lzxpress_huffman() compression in libndr for Kerberos Claims
2023-03-31 01:48:30 +00:00
ndr_auth.c
ndr_auth.h
ndr_backupkey.c
librpc:ndr: Fix code spelling
2023-06-23 13:44:31 +00:00
ndr_backupkey.h
ndr_basic.c
libndr: Handle allocation failure
2023-04-12 13:52:31 +00:00
ndr_bkupblobs.c
idl: add nt backup blobs format
2014-10-02 12:02:01 +02:00
ndr_cab.c
librpc: Always call ndr_push_compression_state_init() for compression
2023-05-05 02:54:30 +00:00
ndr_cab.h
librpc/ndr: Remove unused ndr_cab_generate_checksum()
2019-11-29 00:44:40 +00:00
ndr_claims.c
librpc/ndr: Add missing newlines to error messages
2023-04-12 13:52:31 +00:00
ndr_claims.h
librpc/ndr: Use libndr compression for claims
2023-03-31 01:48:30 +00:00
ndr_compression.c
librpc:ndr: Fix code spelling
2023-06-23 13:44:31 +00:00
ndr_compression.h
librpc: Always call ndr_push_compression_state_init() for compression
2023-05-05 02:54:30 +00:00
ndr_dcerpc.c
dcerpc.idl: set LIBNDR_FLAG_* flags based on DCERPC_PFC_FLAG_OBJECT_UUID and DCERPC_DREP_LE
2016-10-26 11:20:18 +02:00
ndr_dcerpc.h
dcerpc.idl: hide (ndr->flags & LIBNDR_FLAG_OBJECT_PRESENT) logic behind a define
2014-03-28 08:34:25 +01:00
ndr_dns_utils.c
CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility
2020-07-02 09:01:41 +00:00
ndr_dns_utils.h
CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility
2020-07-02 09:01:41 +00:00
ndr_dns.c
CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility
2020-07-02 09:01:41 +00:00
ndr_dns.h
ndr_dnsp.c
librpc: Do not access name[-1] trying to push "" into a dnsp_name
2019-12-20 11:33:52 +00:00
ndr_dnsp.h
CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function
2016-03-10 06:52:23 +01:00
ndr_dnsserver.c
ndr_dnsserver.h
ndr_drsblobs.c
drsblobs.idl: supplementalCredentialsSubBlob make it possible to parse strange blobs
2016-07-20 21:27:17 +02:00
ndr_drsblobs.h
ndr_drsuapi.c
librpc: Always call ndr_push_compression_state_init() for compression
2023-05-05 02:54:30 +00:00
ndr_drsuapi.h
ndr_frsrpc.c
ndr_frsrpc.h
ndr_ioctl.c
librpc: Add NETWORK_INTERFACE_INFO IDL data structure
2014-07-24 19:07:06 +02:00
ndr_krb5pac.c
CVE-2020-25721 krb5pac: Add new buffers for samAccountName and objectSID
2021-11-09 19:45:32 +00:00
ndr_krb5pac.h
krb5pac: no need for a noprint PAC_BUFFER.
2016-07-20 21:27:18 +02:00
ndr_misc.c
lib: Simplify parse_guid_string() and ndr_syntax_id_from_string()
2021-01-28 16:58:35 +00:00
ndr_nbt.c
CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility
2020-07-02 09:01:41 +00:00
ndr_nbt.h
librpc/ndr: add ndr_print_netlogon_samlogon_response()
2019-09-26 18:41:26 +00:00
ndr_negoex.c
pidl: Avoid leaving array_size NDR tokens around
2021-06-02 03:56:36 +00:00
ndr_negoex.h
build: Get rid of hardcoded 'bin/default' in includes
2019-02-08 08:51:19 +01:00
ndr_netlogon.c
ndr_netlogon.h
ndr_ntlmssp.c
pidl: Add and use ndr_print_steal_switch_value(), removing ndr_print_get_switch_value()
2019-12-12 02:30:40 +00:00
ndr_ntlmssp.h
librpc/ndr: add ndr_ntlmssp_find_av() helper function
2016-03-10 06:52:29 +01:00
ndr_ntprinting.c
ndr: Pass down string_flags in ndr_pull_ntprinting_printer().
2013-03-15 12:11:03 +01:00
ndr_ntprinting.h
ndr: Add ndr_ntprinting_string_flags() function.
2013-03-15 12:11:02 +01:00
ndr_ODJ.c
librpc: add custom odj_switch_level_from_guid()
2021-07-14 16:49:29 +00:00
ndr_ODJ.h
librpc: add custom odj_switch_level_from_guid()
2021-07-14 16:49:29 +00:00
ndr_orpc.c
ndr_orpc: properly allocate empty DUALSTRINGARRAY
2019-11-20 04:41:28 +00:00
ndr_preg.c
ndr_preg.h
ndr_private.h
selftest: Add test of NDR marshalling from python, starting with wbint
2021-06-02 03:56:36 +00:00
ndr_rap.c
ndr_rap.h
ndr_schannel.c
pidl: Add and use ndr_print_steal_switch_value(), removing ndr_print_get_switch_value()
2019-12-12 02:30:40 +00:00
ndr_schannel.h
ndr_sec_helper.c
librpc/ndr: Fix incorrect error string in SID parser
2022-10-21 03:57:33 +00:00
ndr_spoolss_buf.c
pidl: Avoid leaving array_size NDR tokens around
2021-06-02 03:56:36 +00:00
ndr_spoolss_buf.h
librpc: pidlify spoolss_EnumPerMachineConnections
2020-01-08 23:51:31 +00:00
ndr_string.c
librpc:ndr: Fix code spelling
2023-06-23 13:44:31 +00:00
ndr_svcctl.c
ndr_svcctl.h
ndr_table.c
librpc:ndr: Fix code spelling
2023-06-23 13:44:31 +00:00
ndr_table.h
librpc/ndr: add ndr_table_by_syntax()
2014-02-11 16:20:28 +01:00
ndr_witness.c
librpc:ndr:witness: remove an unneeded block, reducing indentation.
2015-07-07 23:37:04 +02:00
ndr_witness.h
witness: autogenerate the marshalling of the witness_notifyResponse_message.
2015-07-03 02:00:27 +02:00
ndr_wmi.c
ndr_wmi.h
ndr_xattr.c
ndr_xattr.h
ndr.c
librpc:ndr: Fix overflow in ndr_push_expand
2023-07-07 00:17:31 +00:00
util.c
librpc:ndr: Implement ndr_zero_memory()
2019-02-14 15:59:25 +01:00
uuid.c
librpc: Simplify GUID_hexstring()
2021-08-24 17:32:28 +00:00