summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2005-08-17 03:30:45 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:33:27 -0500
commit212af7e08ae655bdb36bb77dced8161dcfe09240 (patch)
treebc68bb0b8a9eb4e7309b96d410f53ba6051e5905 /source4
parent5bf803ff82c169698bf363ccd2c935aeb8830742 (diff)
downloadsamba-212af7e08ae655bdb36bb77dced8161dcfe09240.tar.gz
samba-212af7e08ae655bdb36bb77dced8161dcfe09240.tar.bz2
samba-212af7e08ae655bdb36bb77dced8161dcfe09240.zip
r9347: this array bounds checking is harder than it looks ...
this copes with 2 more situations: 1) where the array is NULL, which would previously be coped with by a if (ptr) check, but now in the deferred array bounds checking needs to look at the array variable in the ndr code. Not nice. 2) nest the array checking along with the SCALARS vs BUFFERS checks, ensuring we don't do array bounds checking for a buffer when in scalars only mode (This used to be commit ad1b9867a5a14bc9ed2e1a5eb8f05bb2046bc645)
Diffstat (limited to 'source4')
-rw-r--r--source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm6
-rw-r--r--source4/librpc/ndr/ndr.c8
2 files changed, 12 insertions, 2 deletions
diff --git a/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm b/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
index 87b99c5ef8..65b9ed57bc 100644
--- a/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
+++ b/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
@@ -1330,6 +1330,8 @@ sub ParseStructPull($$)
ParseElementPull($e, "ndr", "r->", $env, 1, 0);
}
+ add_deferred();
+
deindent;
pidl "}";
pidl "if (ndr_flags & NDR_BUFFERS) {";
@@ -1343,11 +1345,11 @@ sub ParseStructPull($$)
ParseElementPull($e, "ndr", "r->", $env, 0, 1);
}
+ add_deferred();
+
deindent;
pidl "}";
- add_deferred();
-
end_flags($struct);
# restore the old relative_base_offset
pidl "ndr_pull_restore_relative_base_offset(ndr, _save_relative_base_offset);" if defined($struct->{PROPERTIES}{relative_base});
diff --git a/source4/librpc/ndr/ndr.c b/source4/librpc/ndr/ndr.c
index 3a291c2cf8..2cbb83a0f4 100644
--- a/source4/librpc/ndr/ndr.c
+++ b/source4/librpc/ndr/ndr.c
@@ -493,6 +493,10 @@ uint32_t ndr_get_array_size(struct ndr_pull *ndr, const void *p)
NTSTATUS ndr_check_array_size(struct ndr_pull *ndr, void *p, uint32_t size)
{
uint32_t stored;
+ /* a NULL array is OK */
+ if (*(void **)p == NULL) {
+ return NT_STATUS_OK;
+ }
stored = ndr_token_peek(&ndr->array_size_list, p);
if (stored != size) {
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
@@ -531,6 +535,10 @@ uint32_t ndr_get_array_length(struct ndr_pull *ndr, const void *p)
NTSTATUS ndr_check_array_length(struct ndr_pull *ndr, void *p, uint32_t length)
{
uint32_t stored;
+ /* a NULL array is OK */
+ if (*(void **)p == NULL) {
+ return NT_STATUS_OK;
+ }
stored = ndr_token_peek(&ndr->array_length_list, p);
if (stored != length) {
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,