diff options
| author | Luke Leighton <lkcl@samba.org> | 1998-10-20 16:24:57 +0000 |
|---|---|---|
| committer | Luke Leighton <lkcl@samba.org> | 1998-10-20 16:24:57 +0000 |
| commit | 476d0fd23682452d0d9f56ff2e166243d74cfdbc (patch) | |
| tree | 1c2651a448f0bd886d95102a2a6b7b516806327c /source3/rpc_parse | |
| parent | 2a0141c50f46f85eed075937fe05a37c6b54169a (diff) | |
| download | samba-476d0fd23682452d0d9f56ff2e166243d74cfdbc.tar.gz samba-476d0fd23682452d0d9f56ff2e166243d74cfdbc.tar.bz2 samba-476d0fd23682452d0d9f56ff2e166243d74cfdbc.zip | |
calls to prs_grow() on array structures so that data construction doesn't
over-run buffers
(This used to be commit 06cc6eaa50fa4b673d527e91740f9d2d2b16d367)
Diffstat (limited to 'source3/rpc_parse')
| -rw-r--r-- | source3/rpc_parse/parse_samr.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index a443191a7a..5797fab31f 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -999,11 +999,13 @@ static void sam_io_sam_info_2(char *desc, SAM_INFO_2 *sam, prs_struct *ps, int for (i = 0; i < sam->num_entries; i++) { + prs_grow(ps); sam_io_sam_entry2("", &(sam->sam[i]), ps, depth); } for (i = 0; i < sam->num_entries; i++) { + prs_grow(ps); sam_io_sam_str2 ("", &(sam->str[i]), sam->sam[i].hdr_srv_name.buffer, sam->sam[i].hdr_srv_desc.buffer, @@ -1082,11 +1084,13 @@ static void sam_io_sam_info_1(char *desc, SAM_INFO_1 *sam, prs_struct *ps, int for (i = 0; i < sam->num_entries; i++) { + prs_grow(ps); sam_io_sam_entry1("", &(sam->sam[i]), ps, depth); } for (i = 0; i < sam->num_entries; i++) { + prs_grow(ps); sam_io_sam_str1 ("", &(sam->str[i]), sam->sam[i].hdr_acct_name.buffer, sam->sam[i].hdr_user_name.buffer, @@ -1300,11 +1304,13 @@ void samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_str for (i = 0; i < r_u->num_entries; i++) { + prs_grow(ps); sam_io_sam_entry3("", &(r_u->sam[i]), ps, depth); } for (i = 0; i < r_u->num_entries; i++) { + prs_grow(ps); sam_io_sam_str3 ("", &(r_u->str[i]), r_u->sam[i].hdr_grp_name.buffer, r_u->sam[i].hdr_grp_desc.buffer, @@ -1472,6 +1478,7 @@ void samr_io_q_lookup_ids(char *desc, SAMR_Q_LOOKUP_IDS *q_u, prs_struct *ps, i { if (q_u->ptr_sid[i] != 0) { + prs_grow(ps); slprintf(tmp, sizeof(tmp)-1, "sid[%02d]", i); smb_io_dom_sid2(tmp, &(q_u->sid[i]), ps, depth); } @@ -1573,10 +1580,12 @@ void samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *p for (i = 0; i < q_u->num_rids2; i++) { + prs_grow(ps); smb_io_unihdr ("", &(q_u->hdr_user_name[i]), ps, depth); } for (i = 0; i < q_u->num_rids2; i++) { + prs_grow(ps); smb_io_unistr2("", &(q_u->uni_user_name[i]), q_u->hdr_user_name[i].buffer, ps, depth); } @@ -1644,6 +1653,7 @@ void samr_io_r_lookup_names(char *desc, SAMR_R_LOOKUP_NAMES *r_u, prs_struct *p for (i = 0; i < r_u->num_entries2; i++) { + prs_grow(ps); smb_io_dom_rid3("", &(r_u->dom_rid[i]), ps, depth); } @@ -1681,6 +1691,7 @@ void samr_io_q_unknown_12(char *desc, SAMR_Q_UNKNOWN_12 *q_u, prs_struct *ps, i for (i = 0; i < q_u->num_gids2; i++) { + prs_grow(ps); slprintf(tmp, sizeof(tmp) - 1, "gid[%02d] ", i); prs_uint32(tmp, ps, depth, &(q_u->gid[i])); } @@ -1759,11 +1770,13 @@ void samr_io_r_unknown_12(char *desc, SAMR_R_UNKNOWN_12 *r_u, prs_struct *ps, i for (i = 0; i < r_u->num_aliases2; i++) { + prs_grow(ps); slprintf(tmp, sizeof(tmp) - 1, "als_hdr[%02d] ", i); smb_io_unihdr ("", &(r_u->hdr_als_name[i]), ps, depth); } for (i = 0; i < r_u->num_aliases2; i++) { + prs_grow(ps); slprintf(tmp, sizeof(tmp) - 1, "als_str[%02d] ", i); smb_io_unistr2("", &(r_u->uni_als_name[i]), r_u->hdr_als_name[i].buffer, ps, depth); } @@ -1781,6 +1794,7 @@ void samr_io_r_unknown_12(char *desc, SAMR_R_UNKNOWN_12 *r_u, prs_struct *ps, i for (i = 0; i < r_u->num_als_usrs2; i++) { + prs_grow(ps); slprintf(tmp, sizeof(tmp) - 1, "als_usrs[%02d] ", i); prs_uint32(tmp, ps, depth, &(r_u->num_als_usrs[i])); } @@ -1931,6 +1945,7 @@ void samr_io_r_query_usergroups(char *desc, SAMR_R_QUERY_USERGROUPS *r_u, prs_s for (i = 0; i < r_u->num_entries2; i++) { + prs_grow(ps); smb_io_gid("", &(r_u->gid[i]), ps, depth); } } @@ -2413,7 +2428,7 @@ void make_samr_q_connect_anon(SAMR_Q_CONNECT_ANON *q_u) DEBUG(5,("make_q_connect_anon\n")); q_u->ptr = 1; - q_u->unknown_0 = 0x5c; + q_u->unknown_0 = 0x5c; /* server name (?!!) */ q_u->unknown_1 = 0x01; q_u->unknown_2 = 0x20; } @@ -2531,8 +2546,6 @@ void make_samr_q_unknown_12(SAMR_Q_UNKNOWN_12 *q_u, } - - /******************************************************************* makes a SAMR_Q_UNKNOWN_21 structure. ********************************************************************/ @@ -2743,11 +2756,13 @@ void samr_io_q_chgpasswd_user(char *desc, SAMR_Q_CHGPASSWD_USER *q_u, prs_struct smb_io_unistr2("", &(q_u->uni_user_name), q_u->hdr_user_name.buffer, ps, depth); samr_io_enc_passwd("nt_newpass", &(q_u->nt_newpass), ps, depth); + prs_grow(ps); samr_io_enc_hash ("nt_oldhash", &(q_u->nt_oldhash), ps, depth); prs_uint32("unknown", ps, depth, &(q_u->unknown)); samr_io_enc_passwd("lm_newpass", &(q_u->lm_newpass), ps, depth); + prs_grow(ps); samr_io_enc_hash ("lm_oldhash", &(q_u->lm_oldhash), ps, depth); } |