authorAndrew Tridgell <tridge@samba.org>2004-10-13 12:55:10 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:59:50 -0500
commit8d0f79595b4220736b7e84d30440035780044078 (patch)
treee6dba1a21b9486f953fd8df6c8d1548840b9f0fc
parent2003ab2598e7dc93ceb2afc7f71986e5f27758b8 (diff)
r2948: added support for the [range(low,high)] attribute in pidl. This allows
range checking of any integer value, to help protect against denial of service attacks (which could otherwise cause large memory allocations) (This used to be commit dbe6430d78f1b9aa59969074077e4afa5adf7570)
-rw-r--r--source4/build/pidl/parser.pm5
-rw-r--r--source4/librpc/ndr/libndr.h3
2 files changed, 7 insertions, 1 deletions
diff --git a/source4/build/pidl/parser.pm b/source4/build/pidl/parser.pm
index edecc24284..abf5785a45 100644
--- a/source4/build/pidl/parser.pm
+++ b/source4/build/pidl/parser.pm
@@ -547,6 +547,11 @@ sub ParseElementPullScalar($$$)
} else {
pidl "\tNDR_CHECK(ndr_pull_$e->{TYPE}(ndr, $ndr_flags, $cprefix$var_prefix$e->{NAME}));\n";
}
+ if (my $range = util::has_property($e, "range")) {
+ my ($low, $high) = split(/ /, $range, 2);
+ pidl "\tif ($var_prefix$e->{NAME} < $low || $var_prefix$e->{NAME} > $high) {\n";
+ pidl "\t\treturn ndr_pull_error(ndr, NDR_ERR_RANGE, \"value out of range\");\n\t}\n";
+ }
end_flags($e);
}
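Review bot: The bounds from `split(/ /, $range, 2)` are pasted into the generated C comparison without checking that both exist and without parentheses, so a `range` property that does not split into exactly two tokens produces a malformed or weaker check that surfaces, if at all, only when the generated C is compiled. Since this check is the guard against oversized allocations, it would be safer to fail at generation time, e.g. `defined($high) or die "range on $e->{NAME} needs low and high";`, and to emit `($low)` and `($high)` so a constant-expression bound cannot rebind against `<`, `>` or `||`. The comparison also uses `$var_prefix$e->{NAME}` directly while the pull above it passes `$cprefix$var_prefix$e->{NAME}`. The earlier branches of ParseElementPullScalar are outside this hunk, so it is worth confirming the check is only emitted where that expression is the integer value itself and not a pointer or array.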
diff --git a/source4/librpc/ndr/libndr.h b/source4/librpc/ndr/libndr.h
index 8894877721..59e8b744df 100644
--- a/source4/librpc/ndr/libndr.h
+++ b/source4/librpc/ndr/libndr.h
@@ -141,7 +141,8 @@ enum ndr_err_code {
NDR_ERR_STRING,
NDR_ERR_VALIDATE,
NDR_ERR_BUFSIZE,
- NDR_ERR_ALLOC
+ NDR_ERR_ALLOC,
+ NDR_ERR_RANGE
};
/*
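Review bot: The new `NDR_ERR_RANGE` enumerator has no comment saying when it is raised, and it is the only code tied to an IDL attribute; something like `NDR_ERR_RANGE /* pulled value outside its [range(low,high)] bounds */` would make that explicit. Appending it after `NDR_ERR_ALLOC` keeps the existing values stable. If any code outside this diff switches on `enum ndr_err_code` or maps it to a status or message, it would need a matching entry so a rejected value is reported as a range failure and not as a generic error; that cannot be confirmed from the lines shown here.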