authorAndrew Tridgell <tridge@samba.org>2005-08-17 12:28:47 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:33:27 -0500
commit36fb8185edc70dfdedbf6e26c2aafaa3c46a9102 (patch)
tree74b06005fd22998132604b66205c7c78bc71f1f2
parent4e3cacdaa83638b705c4fa6e79e8f17456c3e233 (diff)
r9356: a better way of coping with NULL arrays in the array bounds checking. This copes with the
case of size_is(*size) where size is NULL, and the array is NULL (This used to be commit 56769b4b1d900cce60cd35298b642a85e4eddfee)
-rw-r--r--source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm4
-rw-r--r--source4/librpc/ndr/ndr.c8
2 files changed, 4 insertions, 8 deletions
diff --git a/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm b/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
index 65b9ed57bc..4dd838bcb7 100644
--- a/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
+++ b/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
@@ -319,14 +319,18 @@ sub ParseArrayPullHeader($$$$$)
if ($l->{IS_CONFORMANT} and not $l->{IS_ZERO_TERMINATED}) {
my $size = ParseExpr($l->{SIZE_IS}, $env);
+ defer "if ($var_name) {";
check_null_pointer_deferred($size);
defer "NDR_CHECK(ndr_check_array_size(ndr, (void*)" . get_pointer_to($var_name) . ", $size));";
+ defer "}";
}
if ($l->{IS_VARYING} and not $l->{IS_ZERO_TERMINATED}) {
my $length = ParseExpr($l->{LENGTH_IS}, $env);
+ defer "if ($var_name) {";
check_null_pointer_deferred($length);
defer "NDR_CHECK(ndr_check_array_length(ndr, (void*)" . get_pointer_to($var_name) . ", $length));";
+ defer "}"
}
if (!$l->{IS_FIXED}) {
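Review bot: The `if ($var_name) {` guard emitted at the top of both branches opens before `check_null_pointer_deferred(...)`, so for a NULL array the generated code skips both the NULL test on the size/length expression and the conformance check. That matches the commit message's size_is(*size) case, but it also means a NULL array paired with a non-zero count passes unchecked, presumably as it did before this change. A comment at each guard would record that this is intended, for example `# NULL array: skip the check and the deref of the size expression; consumers must not trust the count`. The second closing `defer "}"` has no trailing semicolon, unlike the first; it parses as the last statement of the block, but `defer "}";` keeps the two branches identical and survives a later appended line. ParseArrayPullHeader starts and ends outside this hunk.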
diff --git a/source4/librpc/ndr/ndr.c b/source4/librpc/ndr/ndr.c
index 2cbb83a0f4..3a291c2cf8 100644
--- a/source4/librpc/ndr/ndr.c
+++ b/source4/librpc/ndr/ndr.c
@@ -493,10 +493,6 @@ uint32_t ndr_get_array_size(struct ndr_pull *ndr, const void *p)
NTSTATUS ndr_check_array_size(struct ndr_pull *ndr, void *p, uint32_t size)
{
uint32_t stored;
- /* a NULL array is OK */
- if (*(void **)p == NULL) {
- return NT_STATUS_OK;
- }
stored = ndr_token_peek(&ndr->array_size_list, p);
if (stored != size) {
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
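Review bot: Dropping the `*(void **)p == NULL` early return from ndr_check_array_size (and from ndr_check_array_length in the next hunk) moves the NULL-array decision to every caller, and only the pidl-generated callers are updated in this commit. Any hand-written pull code that still calls these functions with a NULL array will now compare its size against whatever ndr_token_peek returns for that key, which I would expect to surface as NDR_ERR_ARRAY_SIZE rather than success, so the remaining callers are worth a grep. A header comment on both functions would state the new contract, e.g. `/* caller must skip this check when the array pointer is NULL; p is used only as the token key */`. Both function bodies continue past the end of their hunks.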
@@ -535,10 +531,6 @@ uint32_t ndr_get_array_length(struct ndr_pull *ndr, const void *p)
NTSTATUS ndr_check_array_length(struct ndr_pull *ndr, void *p, uint32_t length)
{
uint32_t stored;
- /* a NULL array is OK */
- if (*(void **)p == NULL) {
- return NT_STATUS_OK;
- }
stored = ndr_token_peek(&ndr->array_length_list, p);
if (stored != length) {
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,