Diffstat (limited to 'source4/lib')
-rw-r--r--source4/lib/stream/packet.c25
-rw-r--r--source4/lib/tls/tls.c24
2 files changed, 39 insertions, 10 deletions
diff --git a/source4/lib/stream/packet.c b/source4/lib/stream/packet.c
index 2759c75214..0d14435486 100644
--- a/source4/lib/stream/packet.c
+++ b/source4/lib/stream/packet.c
@@ -270,6 +270,16 @@ _PUBLIC_ void packet_recv(struct packet_context *pc)
return;
}
+ if (npending + pc->num_read < npending) {
+ packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ if (npending + pc->num_read < pc->num_read) {
+ packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
/* possibly expand the partial packet buffer */
if (npending + pc->num_read > pc->partial.length) {
status = data_blob_realloc(pc, &pc->partial, npending+pc->num_read);
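Review bot: The two added wrap tests on `npending + pc->num_read` are equivalent when both operands are unsigned, so the second adds nothing, and the same sum is then recomputed twice more below. The declarations of `npending` and `pc->num_read` are outside this hunk; if their widths differ, the sum is evaluated in the wider type and could pass both tests yet be narrowed when used as a length. I would compute it once, `size_t total = npending + pc->num_read;`, reject on `total < npending`, and use `total` in the size comparison and in the `data_blob_realloc()` call. A one-line comment such as `/* reject a length that wraps before it is used to size the buffer */` would make the intent clear to the next reader.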
@@ -279,6 +289,20 @@ _PUBLIC_ void packet_recv(struct packet_context *pc)
}
}
+ if (pc->partial.length < pc->num_read + npending) {
+ packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ if ((uint8_t *)pc->partial.data + pc->num_read < (uint8_t *)pc->partial.data) {
+ packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+ if ((uint8_t *)pc->partial.data + pc->num_read + npending < (uint8_t *)pc->partial.data) {
+ packet_error(pc, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
status = socket_recv(pc->sock, pc->partial.data + pc->num_read,
npending, &nread);
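Review bot: The two pointer comparisons against `(uint8_t *)pc->partial.data` depend on pointer arithmetic wrapping, which is undefined in C once the result leaves the allocated object, so an optimising compiler may remove them entirely. The `pc->partial.length < pc->num_read + npending` test just above is the guard that actually keeps the `socket_recv()` destination inside the blob, but its sum can wrap too if the earlier checks are ever changed. Expressing the bound on integers without an addition is sturdier: `if (pc->num_read > pc->partial.length || npending > pc->partial.length - pc->num_read)`. With that in place the pointer tests can be dropped.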
@@ -337,6 +361,7 @@ next_partial:
packet_error(pc, NT_STATUS_NO_MEMORY);
return;
}
+ /* Trunate the blob sent to the caller to only the packet length */
status = data_blob_realloc(pc, &blob, pc->packet_size);
if (!NT_STATUS_IS_OK(status)) {
packet_error(pc, status);
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index f9213af2a7..9a37dd0bc3 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -433,9 +433,9 @@ init_failed:
setup for a new connection
*/
struct socket_context *tls_init_server(struct tls_params *params,
- struct socket_context *socket,
- struct fd_event *fde,
- const char *plain_chars)
+ struct socket_context *socket,
+ struct fd_event *fde,
+ const char *plain_chars)
{
struct tls_context *tls;
int ret;
@@ -457,17 +457,19 @@ struct socket_context *tls_init_server(struct tls_params *params,
tls->socket = socket;
tls->fde = fde;
if (talloc_reference(tls, fde) == NULL) {
+ talloc_free(new_sock);
return NULL;
}
if (talloc_reference(tls, socket) == NULL) {
+ talloc_free(new_sock);
return NULL;
}
new_sock->private_data = tls;
if (!params->tls_enabled) {
- tls->tls_enabled = False;
- return new_sock;
+ talloc_free(new_sock);
+ return NULL;
}
TLSCHECK(gnutls_init(&tls->session, GNUTLS_SERVER));
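Review bot: The `!params->tls_enabled` branch now returns NULL where it used to hand back a plain socket, but the function's header comment still says only "setup for a new connection", so the fail-closed contract is undocumented. Callers that relied on always getting a usable socket will now dereference NULL unless they check. I would extend the header comment to something like `/* returns NULL if TLS is disabled or setup fails; never falls back to an unencrypted socket */`. The disabled test could also move ahead of the allocation and the two `talloc_reference()` calls so nothing is built only to be freed; the start of the function is outside this hunk, so confirm there is no earlier dependency.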
@@ -503,9 +505,8 @@ struct socket_context *tls_init_server(struct tls_params *params,
failed:
DEBUG(0,("TLS init connection failed - %s\n", gnutls_strerror(ret)));
- tls->tls_enabled = False;
- params->tls_enabled = False;
- return new_sock;
+ talloc_free(new_sock);
+ return NULL;
}
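Review bot: The `failed:` path now frees `new_sock` but nothing visible here releases the GnuTLS session created by `gnutls_init(&tls->session, ...)`. If `tls` has no talloc destructor that calls `gnutls_deinit()`, or the destructor is installed only after the failing `TLSCHECK`, each failed setup leaks a session, which a peer that repeatedly aborts setup could turn into memory growth. The code between `gnutls_init` and this label is outside the hunk, so please confirm the destructor is set before the first `TLSCHECK` that can jump here. Dropping `params->tls_enabled = False` is a good change, since one bad connection no longer disables TLS for every later one.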
@@ -649,7 +650,10 @@ struct socket_context *tls_init_server(struct tls_params *params,
struct fd_event *fde,
const char *plain_chars)
{
- return socket;
+ if (plain_chars) {
+ return socket;
+ }
+ return NULL;
}
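Review bot: The non-GnuTLS stub returns the plain `socket` whenever `plain_chars` is non-NULL, whereas the GnuTLS build above returns NULL for `!params->tls_enabled` without looking at `plain_chars`, so the two builds disagree on when an unencrypted socket is acceptable. If `plain_chars` is meant as the caller's opt-in to plaintext, that deserves a comment in the stub, e.g. `/* no TLS compiled in: only pass the socket through when the caller explicitly allows plaintext */`, and the GnuTLS path should either honour the same opt-in or document why it does not. The `tls_init_client` stub in the next hunk has the same documentation gap: it now returns NULL unconditionally, and its callers need a NULL check that this diff does not show.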
@@ -659,7 +663,7 @@ struct socket_context *tls_init_server(struct tls_params *params,
struct socket_context *tls_init_client(struct socket_context *socket,
struct fd_event *fde)
{
- return socket;
+ return NULL;
}
BOOL tls_support(struct tls_params *params)