diff options
author | Volker Lendecke <vl@samba.org> | 2008-11-08 16:48:20 +0100 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2008-11-28 08:24:37 +0100 |
commit | 9a3be6f0f8e120797a02fa1be60b51812cfd86f5 (patch) | |
tree | d2fa5cd4e774e56a9fc000b611e5fce06da60996 | |
parent | 738271fc2026b2911b7d20a73496989641714df3 (diff) | |
download | samba-9a3be6f0f8e120797a02fa1be60b51812cfd86f5.tar.gz samba-9a3be6f0f8e120797a02fa1be60b51812cfd86f5.tar.bz2 samba-9a3be6f0f8e120797a02fa1be60b51812cfd86f5.zip |
Move cli_trans_oob to lib/util.c
Rename it to trans_oob, it will be used in the server routines.
-rw-r--r-- | source3/include/proto.h | 1 | ||||
-rw-r--r-- | source3/lib/util.c | 19 | ||||
-rw-r--r-- | source3/libsmb/clitrans.c | 21 |
3 files changed, 24 insertions, 17 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 73be87b6fc..71f12a6844 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1251,6 +1251,7 @@ char *procid_str_static(const struct server_id *pid); bool procid_valid(const struct server_id *pid); bool procid_is_local(const struct server_id *pid); int this_is_smp(void); +bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length); bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off); char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off); char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off); diff --git a/source3/lib/util.c b/source3/lib/util.c index 5007fb72ef..074b523ae0 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -2879,6 +2879,25 @@ int this_is_smp(void) } /**************************************************************** + Check if offset/length fit into bufsize. Should probably be + merged with is_offset_safe, but this would require a rewrite + of lanman.c. Later :-) +****************************************************************/ + +bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length) +{ + if ((offset + length < offset) || (offset + length < length)) { + /* wrap */ + return true; + } + if ((offset > bufsize) || (offset + length > bufsize)) { + /* overflow */ + return true; + } + return false; +} + +/**************************************************************** Check if an offset into a buffer is safe. If this returns True it's safe to indirect into the byte at pointer ptr+off. diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index c929f0b7a9..bbdfb75fcd 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -978,19 +978,6 @@ static void cli_trans_ship_rest(struct async_req *req, } } -static bool cli_trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length) -{ - if ((offset + length < offset) || (offset + length < length)) { - /* wrap */ - return true; - } - if ((offset > bufsize) || (offset + length > bufsize)) { - /* overflow */ - return true; - } - return false; -} - static NTSTATUS cli_pull_trans(struct async_req *req, struct cli_request *cli_req, uint8_t smb_cmd, bool expect_first_reply, @@ -1072,10 +1059,10 @@ static NTSTATUS cli_pull_trans(struct async_req *req, * length. Likewise for param_ofs/param_disp. */ - if (cli_trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param) - || cli_trans_oob(*ptotal_param, *pparam_disp, *pnum_param) - || cli_trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data) - || cli_trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) { + if (trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param) + || trans_oob(*ptotal_param, *pparam_disp, *pnum_param) + || trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data) + || trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) { return NT_STATUS_INVALID_NETWORK_RESPONSE; } |