authorStefan Metzmacher <metze@samba.org>2005-10-10 14:10:37 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:39:39 -0500
commit3dfe8c22b835c34453b23b654cd5649d698da3cb (patch)
tree69a10c281ed60d0416a292dbfb773fb229ce3ff2
parentb2490bb98d964f961addf0b99fb8706d46961b6f (diff)
r10873: check the complete payload header
metze (This used to be commit 27f8d82231f2978ff15719e4b23912ae7f910638)
-rw-r--r--source4/librpc/ndr/ndr_compression.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/source4/librpc/ndr/ndr_compression.c b/source4/librpc/ndr/ndr_compression.c
index fc16faca80..fb04a1799a 100644
--- a/source4/librpc/ndr/ndr_compression.c
+++ b/source4/librpc/ndr/ndr_compression.c
@@ -116,14 +116,22 @@ static NTSTATUS ndr_pull_compression_mszip(struct ndr_pull *subndr,
NDR_CHECK(ndr_pull_uint32(comndr, NDR_SCALARS, &payload_header[2]));
NDR_CHECK(ndr_pull_uint32(comndr, NDR_SCALARS, &payload_header[3]));
- payload_size = payload_header[2];
-
- /* TODO: check the first 4 bytes of the header */
+ if (payload_header[0] != 0x00081001) {
+ return ndr_pull_error(subndr, NDR_ERR_COMPRESSION, "Bad MSZIP payload_header[0] [0x%08X] != [0x00081001] (PULL)",
+ payload_header[0]);
+ }
if (payload_header[1] != 0xCCCCCCCC) {
return ndr_pull_error(subndr, NDR_ERR_COMPRESSION, "Bad MSZIP payload_header[1] [0x%08X] != [0xCCCCCCCC] (PULL)",
payload_header[1]);
}
+ payload_size = payload_header[2];
+
+ if (payload_header[3] != 0x00000000) {
+ return ndr_pull_error(subndr, NDR_ERR_COMPRESSION, "Bad MSZIP payload_header[3] [0x%08X] != [0x00000000] (PULL)",
+ payload_header[3]);
+ }
+
payload_offset = comndr->offset;
NDR_CHECK(ndr_pull_advance(comndr, payload_size));
payload = comndr->data + payload_offset;
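Review bot: `payload_size = payload_header[2];` still takes the length word straight from the wire, and it is the one header field this change leaves unvalidated before `ndr_pull_advance(comndr, payload_size)` and the `comndr->data + payload_offset` pointer derived from it. Whether an oversized value is rejected depends entirely on `ndr_pull_advance`, which is not visible in this hunk, so that should be confirmed and stated next to the assignment, e.g. `/* payload_size is untrusted; ndr_pull_advance() must fail if it exceeds the remaining buffer */`. The literals `0x00081001` and `0xCCCCCCCC` would also read better as named constants with a comment saying which header fields they encode. The body of `ndr_pull_compression_mszip` starts and ends outside the hunk, so any later use of `payload_size` could not be checked here.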