Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/ntlmssp_parse.c145
1 files changed, 98 insertions, 47 deletions
diff --git a/source3/libsmb/ntlmssp_parse.c b/source3/libsmb/ntlmssp_parse.c
index 76194d5974..ac8846ad1e 100644
--- a/source3/libsmb/ntlmssp_parse.c
+++ b/source3/libsmb/ntlmssp_parse.c
@@ -1,20 +1,20 @@
-/*
+/*
Unix SMB/CIFS implementation.
simple kerberos5/SPNEGO routines
Copyright (C) Andrew Tridgell 2001
Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
Copyright (C) Andrew Bartlett 2002-2003
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -89,7 +89,9 @@ bool msrpc_gen(DATA_BLOB *blob,
}
va_end(ap);
- /* allocate the space, then scan the format again to fill in the values */
+ /* allocate the space, then scan the format
+ * again to fill in the values */
+
*blob = data_blob(NULL, head_size + data_size);
head_ofs = 0;
@@ -104,7 +106,8 @@ bool msrpc_gen(DATA_BLOB *blob,
SSVAL(blob->data, head_ofs, n*2); head_ofs += 2;
SSVAL(blob->data, head_ofs, n*2); head_ofs += 2;
SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
- push_string(NULL, blob->data+data_ofs, s, n*2, STR_UNICODE|STR_NOALIGN);
+ push_string(NULL, blob->data+data_ofs,
+ s, n*2, STR_UNICODE|STR_NOALIGN);
data_ofs += n*2;
break;
case 'A':
@@ -113,7 +116,8 @@ bool msrpc_gen(DATA_BLOB *blob,
SSVAL(blob->data, head_ofs, n); head_ofs += 2;
SSVAL(blob->data, head_ofs, n); head_ofs += 2;
SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
- push_string(NULL, blob->data+data_ofs, s, n, STR_ASCII|STR_NOALIGN);
+ push_string(NULL, blob->data+data_ofs,
+ s, n, STR_ASCII|STR_NOALIGN);
data_ofs += n;
break;
case 'a':
@@ -159,7 +163,7 @@ bool msrpc_gen(DATA_BLOB *blob,
}
va_end(ap);
- return True;
+ return true;
}
@@ -193,7 +197,6 @@ bool msrpc_parse(const DATA_BLOB *blob,
uint16 len1, len2;
uint32 ptr;
uint32 *v;
- pstring p;
va_start(ap, format);
for (i=0; format[i]; i++) {
@@ -208,23 +211,37 @@ bool msrpc_parse(const DATA_BLOB *blob,
if (len1 == 0 && len2 == 0) {
*ps = smb_xstrdup("");
} else {
- /* make sure its in the right format - be strict */
- if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
- return False;
+ /* make sure its in the right format
+ * be strict */
+ if ((len1 != len2) || (ptr + len1 < ptr) ||
+ (ptr + len1 < len1) ||
+ (ptr + len1 > blob->length)) {
+ return false;
}
if (len1 & 1) {
/* if odd length and unicode */
- return False;
+ return false;
}
- if (blob->data + ptr < (uint8 *)(unsigned long)ptr || blob->data + ptr < blob->data)
- return False;
+ if (blob->data + ptr <
+ (uint8 *)(unsigned long)ptr ||
+ blob->data + ptr < blob->data)
+ return false;
if (0 < len1) {
- pull_string(
- NULL, 0, p,
- blob->data + ptr, sizeof(p),
- len1, STR_UNICODE|STR_NOALIGN);
- (*ps) = smb_xstrdup(p);
+ char *p = NULL;
+ pull_string_talloc(talloc_tos(),
+ NULL,
+ 0,
+ &p,
+ blob->data + ptr,
+ len1,
+ STR_UNICODE|STR_NOALIGN);
+ if (p) {
+ (*ps) = smb_xstrdup(p);
+ TALLOC_FREE(p);
+ } else {
+ (*ps) = smb_xstrdup("");
+ }
} else {
(*ps) = smb_xstrdup("");
}
@@ -241,19 +258,32 @@ bool msrpc_parse(const DATA_BLOB *blob,
if (len1 == 0 && len2 == 0) {
*ps = smb_xstrdup("");
} else {
- if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
- return False;
+ if ((len1 != len2) || (ptr + len1 < ptr) ||
+ (ptr + len1 < len1) ||
+ (ptr + len1 > blob->length)) {
+ return false;
}
- if (blob->data + ptr < (uint8 *)(unsigned long)ptr || blob->data + ptr < blob->data)
- return False;
+ if (blob->data + ptr <
+ (uint8 *)(unsigned long)ptr ||
+ blob->data + ptr < blob->data)
+ return false;
if (0 < len1) {
- pull_string(
- NULL, 0, p,
- blob->data + ptr, sizeof(p),
- len1, STR_ASCII|STR_NOALIGN);
- (*ps) = smb_xstrdup(p);
+ char *p = NULL;
+ pull_string_talloc(talloc_tos(),
+ NULL,
+ 0,
+ &p,
+ blob->data + ptr,
+ len1,
+ STR_ASCII|STR_NOALIGN);
+ if (p) {
+ (*ps) = smb_xstrdup(p);
+ TALLOC_FREE(p);
+ } else {
+ (*ps) = smb_xstrdup("");
+ }
} else {
(*ps) = smb_xstrdup("");
}
@@ -269,14 +299,19 @@ bool msrpc_parse(const DATA_BLOB *blob,
if (len1 == 0 && len2 == 0) {
*b = data_blob_null;
} else {
- /* make sure its in the right format - be strict */
- if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
- return False;
+ /* make sure its in the right format
+ * be strict */
+ if ((len1 != len2) || (ptr + len1 < ptr) ||
+ (ptr + len1 < len1) ||
+ (ptr + len1 > blob->length)) {
+ return false;
}
- if (blob->data + ptr < (uint8 *)(unsigned long)ptr || blob->data + ptr < blob->data)
- return False;
-
+ if (blob->data + ptr <
+ (uint8 *)(unsigned long)ptr ||
+ blob->data + ptr < blob->data)
+ return false;
+
*b = data_blob(blob->data + ptr, len1);
}
break;
@@ -285,9 +320,11 @@ bool msrpc_parse(const DATA_BLOB *blob,
len1 = va_arg(ap, unsigned);
/* make sure its in the right format - be strict */
NEED_DATA(len1);
- if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data)
- return False;
-
+ if (blob->data + head_ofs < (uint8 *)head_ofs ||
+ blob->data + head_ofs < blob->data) {
+ return false;
+ }
+
*b = data_blob(blob->data + head_ofs, len1);
head_ofs += len1;
break;
@@ -299,15 +336,29 @@ bool msrpc_parse(const DATA_BLOB *blob,
case 'C':
s = va_arg(ap, char *);
- if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data)
- return False;
-
- head_ofs += pull_string(
- NULL, 0, p, blob->data+head_ofs, sizeof(p),
- blob->length - head_ofs,
- STR_ASCII|STR_TERMINATE);
- if (strcmp(s, p) != 0) {
- return False;
+ if (blob->data + head_ofs < (uint8 *)head_ofs ||
+ blob->data + head_ofs < blob->data) {
+ return false;
+ }
+
+ {
+ char *p = NULL;
+ size_t ret = pull_string_talloc(talloc_tos(),
+ NULL,
+ 0,
+ &p,
+ blob->data+head_ofs,
+ blob->length - head_ofs,
+ STR_ASCII|STR_TERMINATE);
+ if (ret == (size_t)-1 || p == NULL) {
+ return false;
+ }
+ head_ofs += ret;
+ if (strcmp(s, p) != 0) {
+ TALLOC_FREE(p);
+ return false;
+ }
+ TALLOC_FREE(p);
}
break;
}
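Review bot: `blob->length - head_ofs` is passed to `pull_string_talloc()` as the source length, but nothing visible in this hunk ensures `head_ofs <= blob->length`; the two pointer comparisons above only test for address wrap-around. If `head_ofs` can exceed the blob length at this point, the subtraction wraps to a very large value and the pull is no longer bounded by the blob. A guard before the block, `if (head_ofs > blob->length) { return false; }`, closes that gap. Since `s` is a fixed expected string, requiring `strlen(s) + 1` bytes of remaining data would be stricter still. The case sits inside msrpc_parse, whose loop begins outside this hunk, so an earlier bound may exist there.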