summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2008-11-08 16:48:20 +0100
committerVolker Lendecke <vl@samba.org>2008-11-28 08:24:37 +0100
commit9a3be6f0f8e120797a02fa1be60b51812cfd86f5 (patch)
treed2fa5cd4e774e56a9fc000b611e5fce06da60996 /source3
parent738271fc2026b2911b7d20a73496989641714df3 (diff)
downloadsamba-9a3be6f0f8e120797a02fa1be60b51812cfd86f5.tar.gz
samba-9a3be6f0f8e120797a02fa1be60b51812cfd86f5.tar.bz2
samba-9a3be6f0f8e120797a02fa1be60b51812cfd86f5.zip
Move cli_trans_oob to lib/util.c
Rename it to trans_oob, it will be used in the server routines.
Diffstat (limited to 'source3')
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/lib/util.c19
-rw-r--r--source3/libsmb/clitrans.c21
3 files changed, 24 insertions, 17 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 73be87b6fc..71f12a6844 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1251,6 +1251,7 @@ char *procid_str_static(const struct server_id *pid);
bool procid_valid(const struct server_id *pid);
bool procid_is_local(const struct server_id *pid);
int this_is_smp(void);
+bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length);
bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off);
char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 5007fb72ef..074b523ae0 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2879,6 +2879,25 @@ int this_is_smp(void)
}
/****************************************************************
+ Check if offset/length fit into bufsize. Should probably be
+ merged with is_offset_safe, but this would require a rewrite
+ of lanman.c. Later :-)
+****************************************************************/
+
+bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
+{
+ if ((offset + length < offset) || (offset + length < length)) {
+ /* wrap */
+ return true;
+ }
+ if ((offset > bufsize) || (offset + length > bufsize)) {
+ /* overflow */
+ return true;
+ }
+ return false;
+}
+
+/****************************************************************
Check if an offset into a buffer is safe.
If this returns True it's safe to indirect into the byte at
pointer ptr+off.
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index c929f0b7a9..bbdfb75fcd 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -978,19 +978,6 @@ static void cli_trans_ship_rest(struct async_req *req,
}
}
-static bool cli_trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
-{
- if ((offset + length < offset) || (offset + length < length)) {
- /* wrap */
- return true;
- }
- if ((offset > bufsize) || (offset + length > bufsize)) {
- /* overflow */
- return true;
- }
- return false;
-}
-
static NTSTATUS cli_pull_trans(struct async_req *req,
struct cli_request *cli_req,
uint8_t smb_cmd, bool expect_first_reply,
@@ -1072,10 +1059,10 @@ static NTSTATUS cli_pull_trans(struct async_req *req,
* length. Likewise for param_ofs/param_disp.
*/
- if (cli_trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param)
- || cli_trans_oob(*ptotal_param, *pparam_disp, *pnum_param)
- || cli_trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data)
- || cli_trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) {
+ if (trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param)
+ || trans_oob(*ptotal_param, *pparam_disp, *pnum_param)
+ || trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data)
+ || trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) {
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}