summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-09-17 18:04:05 +1000
committerGünther Deschner <gd@samba.org>2010-09-20 16:15:11 -0700
commit03011bf11837e75474f91f422ddf35d827d31cd1 (patch)
tree88b95ddb102a24dec0035322db802391b1b33f7f
parent6acb47b1154562415bf966f72262481d25e58708 (diff)
downloadsamba-03011bf11837e75474f91f422ddf35d827d31cd1.tar.gz
samba-03011bf11837e75474f91f422ddf35d827d31cd1.tar.bz2
samba-03011bf11837e75474f91f422ddf35d827d31cd1.zip
s3-libads call common GUID_from_ndr_blob()
This does a length-limited check, and so avoids reading beyond the allocated memory if the server sends less than 16 bytes. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r--source3/libads/ldap.c36
-rw-r--r--source3/printing/nt_printing_ads.c7
2 files changed, 22 insertions, 21 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 3525876ecf..32138a784c 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -2127,13 +2127,16 @@ static void dump_guid(ADS_STRUCT *ads, const char *field, struct berval **values
{
int i;
for (i=0; values[i]; i++) {
+ NTSTATUS status;
+ DATA_BLOB in = data_blob_const(values[i]->bv_val, values[i]->bv_len);
+ struct GUID guid;
- UUID_FLAT guid;
- struct GUID tmp;
-
- memcpy(guid.info, values[i]->bv_val, sizeof(guid.info));
- smb_uuid_unpack(guid, &tmp);
- printf("%s: %s\n", field, GUID_string(talloc_tos(), &tmp));
+ status = GUID_from_ndr_blob(&in, &guid);
+ if (NT_STATUS_IS_OK(status)) {
+ printf("%s: %s\n", field, GUID_string(talloc_tos(), &guid));
+ } else {
+ printf("%s: INVALID GUID\n", field);
+ }
}
}
@@ -2609,22 +2612,17 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
**/
bool ads_pull_guid(ADS_STRUCT *ads, LDAPMessage *msg, struct GUID *guid)
{
- char **values;
- UUID_FLAT flat_guid;
-
- values = ldap_get_values(ads->ldap.ld, msg, "objectGUID");
- if (!values)
- return False;
+ DATA_BLOB blob;
+ NTSTATUS status;
- if (values[0]) {
- memcpy(&flat_guid.info, values[0], sizeof(UUID_FLAT));
- smb_uuid_unpack(flat_guid, guid);
- ldap_value_free(values);
- return True;
+ if (!smbldap_talloc_single_blob(talloc_tos(), ads->ldap.ld, msg, "objectGUID",
+ &blob)) {
+ return false;
}
- ldap_value_free(values);
- return False;
+ status = GUID_from_ndr_blob(&blob, guid);
+ talloc_free(blob.data);
+ return NT_STATUS_IS_OK(status);
}
diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c
index 4b39173c3e..56086c9e89 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -187,10 +187,13 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx,
/* retreive the guid and store it locally */
if (ADS_ERR_OK(ads_search_dn(ads, &res, prt_dn, attrs))) {
+ bool guid_ok;
ZERO_STRUCT(guid);
- ads_pull_guid(ads, res, &guid);
+ guid_ok = ads_pull_guid(ads, res, &guid);
ads_msgfree(ads, res);
- store_printer_guid(msg_ctx, printer, guid);
+ if (guid_ok) {
+ store_printer_guid(msg_ctx, printer, guid);
+ }
}
TALLOC_FREE(ctx);