From 03011bf11837e75474f91f422ddf35d827d31cd1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 17 Sep 2010 18:04:05 +1000 Subject: s3-libads call common GUID_from_ndr_blob() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This does a length-limited check, and so avoids reading beyond the allocated memory if the server sends less than 16 bytes. Andrew Bartlett Signed-off-by: Günther Deschner --- source3/libads/ldap.c | 36 +++++++++++++++++------------------- source3/printing/nt_printing_ads.c | 7 +++++-- 2 files changed, 22 insertions(+), 21 deletions(-) diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 3525876ecf..32138a784c 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -2127,13 +2127,16 @@ static void dump_guid(ADS_STRUCT *ads, const char *field, struct berval **values { int i; for (i=0; values[i]; i++) { + NTSTATUS status; + DATA_BLOB in = data_blob_const(values[i]->bv_val, values[i]->bv_len); + struct GUID guid; - UUID_FLAT guid; - struct GUID tmp; - - memcpy(guid.info, values[i]->bv_val, sizeof(guid.info)); - smb_uuid_unpack(guid, &tmp); - printf("%s: %s\n", field, GUID_string(talloc_tos(), &tmp)); + status = GUID_from_ndr_blob(&in, &guid); + if (NT_STATUS_IS_OK(status)) { + printf("%s: %s\n", field, GUID_string(talloc_tos(), &guid)); + } else { + printf("%s: INVALID GUID\n", field); + } } } @@ -2609,22 +2612,17 @@ int ads_count_replies(ADS_STRUCT *ads, void *res) **/ bool ads_pull_guid(ADS_STRUCT *ads, LDAPMessage *msg, struct GUID *guid) { - char **values; - UUID_FLAT flat_guid; - - values = ldap_get_values(ads->ldap.ld, msg, "objectGUID"); - if (!values) - return False; + DATA_BLOB blob; + NTSTATUS status; - if (values[0]) { - memcpy(&flat_guid.info, values[0], sizeof(UUID_FLAT)); - smb_uuid_unpack(flat_guid, guid); - ldap_value_free(values); - return True; + if (!smbldap_talloc_single_blob(talloc_tos(), ads->ldap.ld, msg, "objectGUID", + &blob)) { + return false; } - ldap_value_free(values); - return False; + status = GUID_from_ndr_blob(&blob, guid); + talloc_free(blob.data); + return NT_STATUS_IS_OK(status); } diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c index 4b39173c3e..56086c9e89 100644 --- a/source3/printing/nt_printing_ads.c +++ b/source3/printing/nt_printing_ads.c @@ -187,10 +187,13 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx, /* retreive the guid and store it locally */ if (ADS_ERR_OK(ads_search_dn(ads, &res, prt_dn, attrs))) { + bool guid_ok; ZERO_STRUCT(guid); - ads_pull_guid(ads, res, &guid); + guid_ok = ads_pull_guid(ads, res, &guid); ads_msgfree(ads, res); - store_printer_guid(msg_ctx, printer, guid); + if (guid_ok) { + store_printer_guid(msg_ctx, printer, guid); + } } TALLOC_FREE(ctx); -- cgit