r2180: added RPC flags "padcheck" which enables checking of all received pad

bytes to make sure they are zero. Non-zero values usually indicate one
of two things:

 - the server is leaking data through sending uninitialised memory
 - we have mistaken a real field in the IDL for padding

to differentiate between the two you really need to run with
"print,padcheck" and look carefully at whether the non-zero pad bytes
are random or appear to be deliberate.
(This used to be commit 7fdb778f81f14aaab75ab204431e4342a462957a)

1 files changed, 8 insertions, 2 deletions

diff --git a/source4/librpc/ndr/libndr.h b/source4/librpc/ndr/libndr.h
index cea7290577..9940dc2c05 100644
--- a/source4/librpc/ndr/libndr.h
+++ b/source4/librpc/ndr/libndr.h
@@ -42,7 +42,7 @@ struct ndr_token_list {
 */
 struct ndr_pull {
 	uint32_t flags; /* LIBNDR_FLAG_* */
-	char *data;
+	uint8_t *data;
 	uint32_t data_size;
 	uint32_t offset;
 
@@ -62,7 +62,7 @@ struct ndr_pull_save {
 /* structure passed to functions that generate NDR formatted data */
 struct ndr_push {
 	uint32_t flags; /* LIBNDR_FLAG_* */
-	char *data;
+	uint8_t *data;
 	uint32_t alloc_size;
 	uint32_t offset;
 
@@ -112,6 +112,9 @@ struct ndr_print {
 /* used to force a section of IDL to be little-endian */
 #define LIBNDR_FLAG_LITTLE_ENDIAN (1<<17)
 
+/* used to check if alignment padding is zero */
+#define LIBNDR_FLAG_PAD_CHECK     (1<<18)
+
 
 /* useful macro for debugging */
 #define NDR_PRINT_DEBUG(type, p) ndr_print_debug((ndr_print_fn_t)ndr_print_ ##type, #p, p)
@@ -161,6 +164,9 @@ enum ndr_err_code {
 
 #define NDR_PULL_ALIGN(ndr, n) do { \
 	if (!(ndr->flags & LIBNDR_FLAG_NOALIGN)) { \
+		if (ndr->flags & LIBNDR_FLAG_PAD_CHECK) { \
+			ndr_check_padding(ndr, n); \
+		} \
 		ndr->offset = (ndr->offset + (n-1)) & ~(n-1); \
 	} \
 	if (ndr->offset >= ndr->data_size) { \