diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-10-13 12:55:10 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:59:50 -0500 |
commit | 8d0f79595b4220736b7e84d30440035780044078 (patch) | |
tree | e6dba1a21b9486f953fd8df6c8d1548840b9f0fc | |
parent | 2003ab2598e7dc93ceb2afc7f71986e5f27758b8 (diff) | |
download | samba-8d0f79595b4220736b7e84d30440035780044078.tar.gz samba-8d0f79595b4220736b7e84d30440035780044078.tar.bz2 samba-8d0f79595b4220736b7e84d30440035780044078.zip |
r2948: added support for the [range(low,high)] attribute in pidl. This allows
range checking of any integer value, to help protect against denial of
service attacks (which could otherwise cause large memory allocations)
(This used to be commit dbe6430d78f1b9aa59969074077e4afa5adf7570)
-rw-r--r-- | source4/build/pidl/parser.pm | 5 | ||||
-rw-r--r-- | source4/librpc/ndr/libndr.h | 3 |
2 files changed, 7 insertions, 1 deletions
diff --git a/source4/build/pidl/parser.pm b/source4/build/pidl/parser.pm index edecc24284..abf5785a45 100644 --- a/source4/build/pidl/parser.pm +++ b/source4/build/pidl/parser.pm @@ -547,6 +547,11 @@ sub ParseElementPullScalar($$$) } else { pidl "\tNDR_CHECK(ndr_pull_$e->{TYPE}(ndr, $ndr_flags, $cprefix$var_prefix$e->{NAME}));\n"; } + if (my $range = util::has_property($e, "range")) { + my ($low, $high) = split(/ /, $range, 2); + pidl "\tif ($var_prefix$e->{NAME} < $low || $var_prefix$e->{NAME} > $high) {\n"; + pidl "\t\treturn ndr_pull_error(ndr, NDR_ERR_RANGE, \"value out of range\");\n\t}\n"; + } end_flags($e); } diff --git a/source4/librpc/ndr/libndr.h b/source4/librpc/ndr/libndr.h index 8894877721..59e8b744df 100644 --- a/source4/librpc/ndr/libndr.h +++ b/source4/librpc/ndr/libndr.h @@ -141,7 +141,8 @@ enum ndr_err_code { NDR_ERR_STRING, NDR_ERR_VALIDATE, NDR_ERR_BUFSIZE, - NDR_ERR_ALLOC + NDR_ERR_ALLOC, + NDR_ERR_RANGE }; /* |