summaryrefslogtreecommitdiff
path: root/source4/librpc/ndr
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2005-10-18 14:12:33 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:44:54 -0500
commit087dd76232b8e7471db5f90fff4e49b2359f1557 (patch)
tree29ca1959191ea3f4e49b7d80bb1bc2837b67b21d /source4/librpc/ndr
parentbf59ef9d72b97b5e972ee84d410db8cbd2e2588e (diff)
downloadsamba-087dd76232b8e7471db5f90fff4e49b2359f1557.tar.gz
samba-087dd76232b8e7471db5f90fff4e49b2359f1557.tar.bz2
samba-087dd76232b8e7471db5f90fff4e49b2359f1557.zip
r11141: Re-add paranoid string terminator check
(This used to be commit 55805b5ed9493160ff17c26d2e1361947f368707)
Diffstat (limited to 'source4/librpc/ndr')
-rw-r--r--source4/librpc/ndr/ndr_string.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/source4/librpc/ndr/ndr_string.c b/source4/librpc/ndr/ndr_string.c
index 1a922e2880..96f48edda9 100644
--- a/source4/librpc/ndr/ndr_string.c
+++ b/source4/librpc/ndr/ndr_string.c
@@ -612,21 +612,24 @@ uint32_t ndr_string_length(const void *_var, uint32_t element_size)
return i+1;
}
-NTSTATUS ndr_check_string_terminator(struct ndr_pull *ndr, const void *_var, uint32_t count, uint32_t element_size)
+NTSTATUS ndr_check_string_terminator(struct ndr_pull *ndr, uint32_t count, uint32_t element_size)
{
- const char *var = _var;
uint32_t i;
+ struct ndr_pull_save save_offset;
- var += element_size*(count-1);
+ ndr_pull_save(ndr, &save_offset);
+ ndr_pull_advance(ndr, (count - 1) * element_size);
+ NDR_PULL_NEED_BYTES(ndr, element_size);
for (i = 0; i < element_size; i++) {
- if (var[i] != 0) {
- return NT_STATUS_UNSUCCESSFUL;
+ if (ndr->data[ndr->offset+i] != 0) {
+ return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "String terminator not present or outside string boundaries");
}
}
- return NT_STATUS_OK;
+ ndr_pull_restore(ndr, &save_offset);
+ return NT_STATUS_OK;
}
NTSTATUS ndr_pull_charset(struct ndr_pull *ndr, int ndr_flags, const char **var, uint32_t length, uint8_t byte_mul, int chset)