diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2004-05-02 08:45:00 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:51:42 -0500 |
| commit | 9f084101dd392ceb85f141f55ee56bed344626ef (patch) | |
| tree | 2a9884d8e99e28b9dbfb153575e32c5b8bb9ef4c /source4/libcli/auth/ntlmssp_parse.c | |
| parent | 585d87a9590ecf64681700d70c37e5276ee8514a (diff) | |
| download | samba-9f084101dd392ceb85f141f55ee56bed344626ef.tar.gz samba-9f084101dd392ceb85f141f55ee56bed344626ef.tar.bz2 samba-9f084101dd392ceb85f141f55ee56bed344626ef.zip | |
r443: Update Samba4 to the auth and NTLMSSP code from Samba3.
Not all the auth code is merged - only those parts that are actually
being used in Samba4.
There is a lot more work to do in the NTLMSSP area, and I hope to
develop that work here. There is a start on this here - splitting
NTLMSSP into two parts that my operate in an async fashion (before and
after the actual authentication)
Andrew Bartlett
(This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
Diffstat (limited to 'source4/libcli/auth/ntlmssp_parse.c')
| -rw-r--r-- | source4/libcli/auth/ntlmssp_parse.c | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/source4/libcli/auth/ntlmssp_parse.c b/source4/libcli/auth/ntlmssp_parse.c index 3444db0306..4b3043aec8 100644 --- a/source4/libcli/auth/ntlmssp_parse.c +++ b/source4/libcli/auth/ntlmssp_parse.c @@ -216,7 +216,9 @@ BOOL msrpc_parse(const DATA_BLOB *blob, /* if odd length and unicode */ return False; } - + if (blob->data + ptr < (uint8 *)ptr || blob->data + ptr < blob->data) + return False; + if (0 < len1) { pull_string(NULL, p, blob->data + ptr, sizeof(p), len1, @@ -241,7 +243,10 @@ BOOL msrpc_parse(const DATA_BLOB *blob, if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { return False; } - + + if (blob->data + ptr < (uint8 *)ptr || blob->data + ptr < blob->data) + return False; + if (0 < len1) { pull_string(NULL, p, blob->data + ptr, sizeof(p), len1, @@ -266,6 +271,10 @@ BOOL msrpc_parse(const DATA_BLOB *blob, if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { return False; } + + if (blob->data + ptr < (uint8 *)ptr || blob->data + ptr < blob->data) + return False; + *b = data_blob(blob->data + ptr, len1); } break; @@ -274,6 +283,9 @@ BOOL msrpc_parse(const DATA_BLOB *blob, len1 = va_arg(ap, unsigned); /* make sure its in the right format - be strict */ NEED_DATA(len1); + if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data) + return False; + *b = data_blob(blob->data + head_ofs, len1); head_ofs += len1; break; @@ -284,6 +296,10 @@ BOOL msrpc_parse(const DATA_BLOB *blob, break; case 'C': s = va_arg(ap, char *); + + if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data) + return False; + head_ofs += pull_string(NULL, p, blob->data+head_ofs, sizeof(p), blob->length - head_ofs, STR_ASCII|STR_TERMINATE); |