summaryrefslogtreecommitdiff
path: root/source4/lib/stream
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-07-25 00:57:27 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:10:20 -0500
commit9d6f2767179fad2f9a067c67c09afddb6304e4eb (patch)
tree152febe9acc01ebbe00c56494541cf9c23296399 /source4/lib/stream
parentc047a88f41ffed47e2eb422f8efb594aae80d61e (diff)
downloadsamba-9d6f2767179fad2f9a067c67c09afddb6304e4eb.tar.gz
samba-9d6f2767179fad2f9a067c67c09afddb6304e4eb.tar.bz2
samba-9d6f2767179fad2f9a067c67c09afddb6304e4eb.zip
r17222: Change the function prototypes for the GENSEc and TLS socket creation
routines to return an NTSTATUS. This should help track down errors. Use a bit of talloc_steal and talloc_unlink to get the real socket to be a child of the GENSEC or TLS socket. Always return a new socket, even for the 'pass-though' case. Andrew Bartlett (This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
Diffstat (limited to 'source4/lib/stream')
-rw-r--r--source4/lib/stream/packet.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/source4/lib/stream/packet.c b/source4/lib/stream/packet.c
index 2759c75214..0d14435486 100644
--- a/source4/lib/stream/packet.c
+++ b/source4/lib/stream/packet.c
@@ -270,6 +270,16 @@ _PUBLIC_ void packet_recv(struct packet_context *pc)
return;
}
+ if (npending + pc->num_read < npending) {
+ packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ if (npending + pc->num_read < pc->num_read) {
+ packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
/* possibly expand the partial packet buffer */
if (npending + pc->num_read > pc->partial.length) {
status = data_blob_realloc(pc, &pc->partial, npending+pc->num_read);
@@ -279,6 +289,20 @@ _PUBLIC_ void packet_recv(struct packet_context *pc)
}
}
+ if (pc->partial.length < pc->num_read + npending) {
+ packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ if ((uint8_t *)pc->partial.data + pc->num_read < (uint8_t *)pc->partial.data) {
+ packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+ if ((uint8_t *)pc->partial.data + pc->num_read + npending < (uint8_t *)pc->partial.data) {
+ packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
status = socket_recv(pc->sock, pc->partial.data + pc->num_read,
npending, &nread);
@@ -337,6 +361,7 @@ next_partial:
packet_error(pc, NT_STATUS_NO_MEMORY);
return;
}
+ /* Trunate the blob sent to the caller to only the packet length */
status = data_blob_realloc(pc, &blob, pc->packet_size);
if (!NT_STATUS_IS_OK(status)) {
packet_error(pc, status);