diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-07-25 00:57:27 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:10:20 -0500 |
commit | 9d6f2767179fad2f9a067c67c09afddb6304e4eb (patch) | |
tree | 152febe9acc01ebbe00c56494541cf9c23296399 /source4/lib/stream | |
parent | c047a88f41ffed47e2eb422f8efb594aae80d61e (diff) | |
download | samba-9d6f2767179fad2f9a067c67c09afddb6304e4eb.tar.gz samba-9d6f2767179fad2f9a067c67c09afddb6304e4eb.tar.bz2 samba-9d6f2767179fad2f9a067c67c09afddb6304e4eb.zip |
r17222: Change the function prototypes for the GENSEc and TLS socket creation
routines to return an NTSTATUS. This should help track down errors.
Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.
Always return a new socket, even for the 'pass-though' case.
Andrew Bartlett
(This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
Diffstat (limited to 'source4/lib/stream')
-rw-r--r-- | source4/lib/stream/packet.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/source4/lib/stream/packet.c b/source4/lib/stream/packet.c index 2759c75214..0d14435486 100644 --- a/source4/lib/stream/packet.c +++ b/source4/lib/stream/packet.c @@ -270,6 +270,16 @@ _PUBLIC_ void packet_recv(struct packet_context *pc) return; } + if (npending + pc->num_read < npending) { + packet_error(pc, NT_STATUS_INVALID_PARAMETER); + return; + } + + if (npending + pc->num_read < pc->num_read) { + packet_error(pc, NT_STATUS_INVALID_PARAMETER); + return; + } + /* possibly expand the partial packet buffer */ if (npending + pc->num_read > pc->partial.length) { status = data_blob_realloc(pc, &pc->partial, npending+pc->num_read); @@ -279,6 +289,20 @@ _PUBLIC_ void packet_recv(struct packet_context *pc) } } + if (pc->partial.length < pc->num_read + npending) { + packet_error(pc, NT_STATUS_INVALID_PARAMETER); + return; + } + + if ((uint8_t *)pc->partial.data + pc->num_read < (uint8_t *)pc->partial.data) { + packet_error(pc, NT_STATUS_INVALID_PARAMETER); + return; + } + if ((uint8_t *)pc->partial.data + pc->num_read + npending < (uint8_t *)pc->partial.data) { + packet_error(pc, NT_STATUS_INVALID_PARAMETER); + return; + } + status = socket_recv(pc->sock, pc->partial.data + pc->num_read, npending, &nread); @@ -337,6 +361,7 @@ next_partial: packet_error(pc, NT_STATUS_NO_MEMORY); return; } + /* Trunate the blob sent to the caller to only the packet length */ status = data_blob_realloc(pc, &blob, pc->packet_size); if (!NT_STATUS_IS_OK(status)) { packet_error(pc, status); |