author | Andrew Tridgell <tridge@samba.org> | 2005-07-17 09:08:19 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:29:34 -0500 |
commit | 92760db79c27e4ffb68401c9893f3276b2f8259e (patch) | |
tree | ef30b35438ef24d1e9628f0f05c46a06b6a971d8 /source4 | |
parent | 6e4bcaffa051f69f4e6595cf7d659ec22a22ef21 (diff) | |
r8518: ensure all constructed NDR packets are null terminated. This is needed
by the new ldb code dealing with binary records, but is also a good
defensive strategy in general
(This used to be commit 17decd129928290a6916a1d1cec73dad924d64f8)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/librpc/ndr/ndr.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/source4/librpc/ndr/ndr.c b/source4/librpc/ndr/ndr.c
index 4614a077a8..3f2b797fee 100644
--- a/source4/librpc/ndr/ndr.c
+++ b/source4/librpc/ndr/ndr.c
@@ -165,13 +165,14 @@ DATA_BLOB ndr_push_blob(struct ndr_push *ndr)
 */
 NTSTATUS ndr_push_expand(struct ndr_push *ndr, uint32_t size)
 {
- if (ndr->alloc_size >= size) {
+ if (ndr->alloc_size > size) {
+ ndr->data[size] = 0;
 return NT_STATUS_OK;
 }
 ndr->alloc_size += NDR_BASE_MARSHALL_SIZE;
- if (size > ndr->alloc_size) {
- ndr->alloc_size = size;
+ if (size+1 > ndr->alloc_size) {
+ ndr->alloc_size = size+1;
 }
 ndr->data = talloc_realloc(ndr, ndr->data, uint8_t, ndr->alloc_size);
 if (!ndr->data) {
@@ -346,7 +347,7 @@ NTSTATUS ndr_pull_subcontext_header(struct ndr_pull *ndr,
 NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &content_size));
 if (size_is >= 0 && size_is != content_size) {
 return ndr_pull_error(ndr, NDR_ERR_SUBCONTEXT, "Bad subcontext (PULL) size_is(%d) mismatch content_size %d",
- size_is, content_size);
+ (int)size_is, (int)content_size);
 }
 NDR_CHECK(ndr_pull_subcontext(ndr, ndr2, content_size));
 break;
@@ -357,14 +358,14 @@ NTSTATUS ndr_pull_subcontext_header(struct ndr_pull *ndr,
 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &content_size));
 if (size_is >= 0 && size_is != content_size) {
 return ndr_pull_error(ndr, NDR_ERR_SUBCONTEXT, "Bad subcontext (PULL) size_is(%d) mismatch content_size %d",
- size_is, content_size);
+ (int)size_is, (int)content_size);
 }
 NDR_CHECK(ndr_pull_subcontext(ndr, ndr2, content_size));
 break;
 }
 default:
 return ndr_pull_error(ndr, NDR_ERR_SUBCONTEXT, "Bad subcontext (PULL) header_size %d",
- header_size);
+ (int)header_size);
 }
 return NT_STATUS_OK;
 }
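Review bot: In ndr_push_expand the new `size+1` is evaluated on a `uint32_t`, so a request of `UINT32_MAX` wraps to 0, the `size+1 > ndr->alloc_size` test is false, and the buffer is not guaranteed to hold `size` bytes plus the terminator. I would reject that value before any arithmetic with an `if (size == UINT32_MAX)` guard that returns through `ndr_push_error`. The terminator is also written only on the early-return path; on the realloc path visible here `ndr->data[size]` keeps whatever talloc_realloc handed back, so `ndr->data[size] = 0;` belongs after the `!ndr->data` check as well. The function body continues outside the hunk, so the second point should be checked against the remaining lines.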
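Review bot: The `(int)` casts on `content_size` in the two `ndr_pull_error` calls of ndr_pull_subcontext_header make a length taken from the packet print as a negative number once it exceeds INT_MAX. The 32-bit case reads it with `ndr_pull_uint32`, so it is presumably unsigned, and printing it as `%u` with `(unsigned)content_size` would keep the mismatch message accurate for whoever triages a malformed packet. The same applies to `(int)ndr2->offset` in the ndr_push_subcontext_header hunk further down. The declarations sit outside these hunks, so the exact types are not visible here.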
@@ -383,7 +384,7 @@ NTSTATUS ndr_push_subcontext_header(struct ndr_push *ndr,
 NDR_CHECK(ndr_push_zero(ndr2, padding_len));
 } else if (padding_len < 0) {
 return ndr_push_error(ndr, NDR_ERR_SUBCONTEXT, "Bad subcontext (PUSH) content_size %d is larger than size_is(%d)",
- ndr2->offset, size_is);
+ (int)ndr2->offset, (int)size_is);
 }
 }
@@ -401,7 +402,7 @@ NTSTATUS ndr_push_subcontext_header(struct ndr_push *ndr,
 default:
 return ndr_push_error(ndr, NDR_ERR_SUBCONTEXT, "Bad subcontext header size %d",
- header_size);
+ (int)header_size);
 }
 return NT_STATUS_OK;
 }
|