diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-09-17 18:04:05 +1000 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-09-20 16:15:11 -0700 |
commit | 03011bf11837e75474f91f422ddf35d827d31cd1 (patch) | |
tree | 88b95ddb102a24dec0035322db802391b1b33f7f | |
parent | 6acb47b1154562415bf966f72262481d25e58708 (diff) | |
download | samba-03011bf11837e75474f91f422ddf35d827d31cd1.tar.gz samba-03011bf11837e75474f91f422ddf35d827d31cd1.tar.bz2 samba-03011bf11837e75474f91f422ddf35d827d31cd1.zip |
s3-libads call common GUID_from_ndr_blob()
This does a length-limited check, and so avoids reading beyond the
allocated memory if the server sends less than 16 bytes.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r-- | source3/libads/ldap.c | 36 | ||||
-rw-r--r-- | source3/printing/nt_printing_ads.c | 7 |
2 files changed, 22 insertions, 21 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 3525876ecf..32138a784c 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -2127,13 +2127,16 @@ static void dump_guid(ADS_STRUCT *ads, const char *field, struct berval **values { int i; for (i=0; values[i]; i++) { + NTSTATUS status; + DATA_BLOB in = data_blob_const(values[i]->bv_val, values[i]->bv_len); + struct GUID guid; - UUID_FLAT guid; - struct GUID tmp; - - memcpy(guid.info, values[i]->bv_val, sizeof(guid.info)); - smb_uuid_unpack(guid, &tmp); - printf("%s: %s\n", field, GUID_string(talloc_tos(), &tmp)); + status = GUID_from_ndr_blob(&in, &guid); + if (NT_STATUS_IS_OK(status)) { + printf("%s: %s\n", field, GUID_string(talloc_tos(), &guid)); + } else { + printf("%s: INVALID GUID\n", field); + } } } @@ -2609,22 +2612,17 @@ int ads_count_replies(ADS_STRUCT *ads, void *res) **/ bool ads_pull_guid(ADS_STRUCT *ads, LDAPMessage *msg, struct GUID *guid) { - char **values; - UUID_FLAT flat_guid; - - values = ldap_get_values(ads->ldap.ld, msg, "objectGUID"); - if (!values) - return False; + DATA_BLOB blob; + NTSTATUS status; - if (values[0]) { - memcpy(&flat_guid.info, values[0], sizeof(UUID_FLAT)); - smb_uuid_unpack(flat_guid, guid); - ldap_value_free(values); - return True; + if (!smbldap_talloc_single_blob(talloc_tos(), ads->ldap.ld, msg, "objectGUID", + &blob)) { + return false; } - ldap_value_free(values); - return False; + status = GUID_from_ndr_blob(&blob, guid); + talloc_free(blob.data); + return NT_STATUS_IS_OK(status); } diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c index 4b39173c3e..56086c9e89 100644 --- a/source3/printing/nt_printing_ads.c +++ b/source3/printing/nt_printing_ads.c @@ -187,10 +187,13 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx, /* retreive the guid and store it locally */ if (ADS_ERR_OK(ads_search_dn(ads, &res, prt_dn, attrs))) { + bool guid_ok; ZERO_STRUCT(guid); - ads_pull_guid(ads, res, &guid); + guid_ok = ads_pull_guid(ads, res, &guid); ads_msgfree(ads, res); - store_printer_guid(msg_ctx, printer, guid); + if (guid_ok) { + store_printer_guid(msg_ctx, printer, guid); + } } TALLOC_FREE(ctx); |