diff options
| author | Jeremy Allison <jra@samba.org> | 2011-03-28 13:26:27 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2011-03-28 23:12:07 +0200 |
| commit | 52602e4f5ad0f7c3cdb4a50dfe32d0b8ad49b6e4 (patch) | |
| tree | 69911fe6eca738368d497107032f3a3b084058b6 /libcli/auth/msrpc_parse.c | |
| parent | fbe19ba39843d0c70758fc8d775b085a67224a94 (diff) | |
| download | samba-52602e4f5ad0f7c3cdb4a50dfe32d0b8ad49b6e4.tar.gz samba-52602e4f5ad0f7c3cdb4a50dfe32d0b8ad49b6e4.tar.bz2 samba-52602e4f5ad0f7c3cdb4a50dfe32d0b8ad49b6e4.zip | |
Fix inspired by work done by David Disseldorp for bug #8040 - smbclient segfaults when a Cyrillic netbios name or workgroup is configured.
Change msrpc_gen to return NTSTATUS and ensure everywhere this is
used it is correctly checked to return that status.
Jeremy.
Diffstat (limited to 'libcli/auth/msrpc_parse.c')
| -rw-r--r-- | libcli/auth/msrpc_parse.c | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/libcli/auth/msrpc_parse.c b/libcli/auth/msrpc_parse.c index 1351dfaae7..bdbba3d76c 100644 --- a/libcli/auth/msrpc_parse.c +++ b/libcli/auth/msrpc_parse.c @@ -40,7 +40,7 @@ d = word (4 bytes) C = constant ascii string */ -bool msrpc_gen(TALLOC_CTX *mem_ctx, +NTSTATUS msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *format, ...) { @@ -57,7 +57,13 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *pointers; pointers = talloc_array(mem_ctx, DATA_BLOB, strlen(format)); + if (!pointers) { + return NT_STATUS_NO_MEMORY; + } intargs = talloc_array(pointers, int, strlen(format)); + if (!intargs) { + return NT_STATUS_NO_MEMORY; + } /* first scan the format to work out the header and body size */ va_start(ap, format); @@ -72,7 +78,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx, s, &n); if (!ret) { va_end(ap); - return false; + return map_nt_error_from_unix(errno); } pointers[i].length = n; pointers[i].length -= 2; @@ -86,7 +92,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx, s, &n); if (!ret) { va_end(ap); - return false; + return map_nt_error_from_unix(errno); } pointers[i].length = n; pointers[i].length -= 1; @@ -102,7 +108,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx, s, &n); if (!ret) { va_end(ap); - return false; + return map_nt_error_from_unix(errno); } pointers[i].length = n; pointers[i].length -= 2; @@ -132,13 +138,22 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx, pointers[i].length = strlen(s)+1; head_size += pointers[i].length; break; + default: + va_end(ap); + return NT_STATUS_INVALID_PARAMETER; } } va_end(ap); + if (head_size + data_size == 0) { + return NT_STATUS_INVALID_PARAMETER; + } + /* allocate the space, then scan the format again to fill in the values */ *blob = data_blob_talloc(mem_ctx, NULL, head_size + data_size); - + if (!blob->data) { + return NT_STATUS_NO_MEMORY; + } head_ofs = 0; data_ofs = head_size; @@ -185,13 +200,16 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx, memcpy(blob->data + head_ofs, pointers[i].data, n); head_ofs += n; break; + default: + va_end(ap); + return NT_STATUS_INVALID_PARAMETER; } } va_end(ap); talloc_free(pointers); - return true; + return NT_STATUS_OK; } @@ -231,6 +249,10 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, char *p = talloc_array(mem_ctx, char, p_len); bool ret = true; + if (!p) { + return false; + } + va_start(ap, format); for (i=0; format[i]; i++) { switch (format[i]) { |