From 107ab090e23dfc517bc74bb553315cd3528e1f7d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 17 Apr 2008 14:47:07 +0200 Subject: use uintptr_t instead of intptr_t where appropriate (This used to be commit d62f2bcc85c13605c133db250e0a86d2d6ccc481) --- source4/cluster/ctdb/include/includes.h | 2 +- source4/lib/ldb/ldb_tdb/ldb_index.c | 4 ++-- source4/lib/replace/libreplace_cc.m4 | 3 ++- source4/lib/replace/replace.c | 2 +- source4/lib/replace/replace.h | 2 +- source4/lib/util/util.h | 2 +- source4/librpc/ndr/ndr_basic.c | 4 ++-- 7 files changed, 10 insertions(+), 9 deletions(-) diff --git a/source4/cluster/ctdb/include/includes.h b/source4/cluster/ctdb/include/includes.h index 48c3c2ea4c..0ed44cbad0 100644 --- a/source4/cluster/ctdb/include/includes.h +++ b/source4/cluster/ctdb/include/includes.h @@ -21,7 +21,7 @@ extern int LogLevel; #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) #ifndef discard_const -#define discard_const(ptr) ((void *)((intptr_t)(ptr))) +#define discard_const(ptr) ((void *)((uintptr_t)(ptr))) #endif struct timeval timeval_zero(void); diff --git a/source4/lib/ldb/ldb_tdb/ldb_index.c b/source4/lib/ldb/ldb_tdb/ldb_index.c index d8776f48e2..1b6d9feed6 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_index.c +++ b/source4/lib/ldb/ldb_tdb/ldb_index.c @@ -545,7 +545,7 @@ static int ltdb_index_dn_one(struct ldb_module *module, /* the attribute is indexed. Pull the list of DNs that match the search criterion */ - val.data = (uint8_t *)((intptr_t)ldb_dn_get_casefold(parent_dn)); + val.data = (uint8_t *)((uintptr_t)ldb_dn_get_casefold(parent_dn)); val.length = strlen((char *)val.data); key = ltdb_index_key(ldb, LTDB_IDXONE, &val); if (!key) { 
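Review bot: In ltdb_index_dn_one the new line `val.data = (uint8_t *)((uintptr_t)ldb_dn_get_casefold(parent_dn));` is followed directly by `strlen((char *)val.data)`, while the second hunk of this file (ltdb_index_one) checks the result of the same call for NULL and returns LDB_ERR_OPERATIONS_ERROR; if ldb_dn_get_casefold can return NULL, as that check suggests, this first call site dereferences it inside strlen. A matching guard before the strlen, `if (val.data == NULL) { return LDB_ERR_OPERATIONS_ERROR; }`, would make the two sites consistent, though whether that return value fits ltdb_index_dn_one's contract is not visible from the hunk. The function body begins and ends outside the hunk.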
@@ -1140,7 +1140,7 @@ int ltdb_index_one(struct ldb_module *module, const struct ldb_message *msg, int return LDB_ERR_OPERATIONS_ERROR; } - val.data = (uint8_t *)((intptr_t)ldb_dn_get_casefold(pdn)); + val.data = (uint8_t *)((uintptr_t)ldb_dn_get_casefold(pdn)); if (val.data == NULL) { talloc_free(pdn); return LDB_ERR_OPERATIONS_ERROR; diff --git a/source4/lib/replace/libreplace_cc.m4 b/source4/lib/replace/libreplace_cc.m4 index bf5056838d..0ce0958a96 100644 --- a/source4/lib/replace/libreplace_cc.m4 +++ b/source4/lib/replace/libreplace_cc.m4 @@ -132,7 +132,8 @@ AC_CHECK_SIZEOF(off_t) AC_CHECK_SIZEOF(size_t) AC_CHECK_SIZEOF(ssize_t) -AC_CHECK_TYPE(intptr_t, unsigned long long) +AC_CHECK_TYPE(intptr_t, long long) +AC_CHECK_TYPE(uintptr_t, unsigned long long) AC_CHECK_TYPE(ptrdiff_t, unsigned long long) if test x"$ac_cv_type_long_long" != x"yes";then diff --git a/source4/lib/replace/replace.c b/source4/lib/replace/replace.c index 6930f9b079..443da2ab24 100644 --- a/source4/lib/replace/replace.c +++ b/source4/lib/replace/replace.c @@ -458,7 +458,7 @@ char *rep_strcasestr(const char *haystack, const char *needle) for (s=haystack;*s;s++) { if (toupper(*needle) == toupper(*s) && strncasecmp(s, needle, nlen) == 0) { - return (char *)((intptr_t)s); + return (char *)((uintptr_t)s); } } return NULL; diff --git a/source4/lib/replace/replace.h b/source4/lib/replace/replace.h index 5fe79394eb..bf95169352 100644 --- a/source4/lib/replace/replace.h +++ b/source4/lib/replace/replace.h @@ -499,7 +499,7 @@ typedef int bool; Also, please call this via the discard_const_p() macro interface, as that makes the return type safe. */ -#define discard_const(ptr) ((void *)((intptr_t)(ptr))) +#define discard_const(ptr) ((void *)((uintptr_t)(ptr))) /** Type-safe version of discard_const */ #define discard_const_p(type, ptr) ((type *)discard_const(ptr)) diff --git a/source4/lib/util/util.h b/source4/lib/util/util.h index 3bf6b98d2f..ffe83c14b2 100644 --- a/source4/lib/util/util.h 
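Review bot: The ptrdiff_t fallback on the context line right after the new `AC_CHECK_TYPE(uintptr_t, unsigned long long)` is still `unsigned long long`, although ptrdiff_t is a signed type by definition; the same reasoning that changed the intptr_t fallback to `long long` applies there, i.e. `AC_CHECK_TYPE(ptrdiff_t, long long)`. The fallback only takes effect on a platform that lacks the type, but with an unsigned substitute any negative pointer difference silently becomes a large positive value, which defeats exactly the kind of range check the next commit rewrites.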
+++ b/source4/lib/util/util.h @@ -64,7 +64,7 @@ extern const char *panic_action; makes the return type safe. */ #ifndef discard_const -#define discard_const(ptr) ((void *)((intptr_t)(ptr))) +#define discard_const(ptr) ((void *)((uintptr_t)(ptr))) #endif /** Type-safe version of discard_const */ diff --git a/source4/librpc/ndr/ndr_basic.c b/source4/librpc/ndr/ndr_basic.c index 93a177f94e..1d2b47c850 100644 --- a/source4/librpc/ndr/ndr_basic.c +++ b/source4/librpc/ndr/ndr_basic.c @@ -196,7 +196,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_hyper(struct ndr_pull *ndr, int ndr_flags, u */ _PUBLIC_ enum ndr_err_code ndr_pull_pointer(struct ndr_pull *ndr, int ndr_flags, void* *v) { - intptr_t h; + uintptr_t h; NDR_PULL_ALIGN(ndr, sizeof(h)); NDR_PULL_NEED_BYTES(ndr, sizeof(h)); memcpy(&h, ndr->data+ndr->offset, sizeof(h)); @@ -393,7 +393,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_hyper(struct ndr_push *ndr, int ndr_flags, u */ _PUBLIC_ enum ndr_err_code ndr_push_pointer(struct ndr_push *ndr, int ndr_flags, void* v) { - intptr_t h = (intptr_t)v; + uintptr_t h = (intptr_t)v; NDR_PUSH_ALIGN(ndr, sizeof(h)); NDR_PUSH_NEED_BYTES(ndr, sizeof(h)); memcpy(ndr->data+ndr->offset, &h, sizeof(h)); -- cgit From 11703b298685c9984a6a3c3a64eddb8a1a516b90 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 17 Apr 2008 15:20:39 +0200 Subject: fix the overflow/wrap checks in Samba4 for new gcc optimisation behavior The approach I have used is as set out in https://www.securecoding.cert.org/confluence/display/seccode/ARR38-C.+Do+not+add+or+subtract+an+integer+to+a+pointer+if+the+resulting+value+does+not+refer+to+an+element+within+the+array (This used to be commit 92d5fb531db39be655f0cbd2d75b5f675a0a4cfa) --- source4/libcli/raw/rawrequest.c | 6 +++--- source4/libcli/raw/rawtrans.c | 6 +++--- source4/libcli/smb2/request.c | 8 ++++---- source4/smb_server/smb/request.c | 6 +++--- 4 files changed, 13 insertions(+), 13 deletions(-) 
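Review bot: In ndr_push_pointer the new line `uintptr_t h = (intptr_t)v;` still casts through the signed type and relies on an implicit signed-to-unsigned conversion; since the commit's purpose is to use uintptr_t for pointer round-trips, the cast should match the declaration: `uintptr_t h = (uintptr_t)v;`. Both ndr_pull_pointer and ndr_push_pointer copy `sizeof(h)` bytes to and from the wire, so the encoded width is the host's pointer size; if this stream is ever exchanged between 32-bit and 64-bit peers that is worth a comment on both functions, e.g. `/* NOTE: on-wire width is sizeof(uintptr_t) of the pushing host */` — this is inferred from the memcpy lines, not verified here. Both function bodies continue past their hunks.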
diff --git a/source4/libcli/raw/rawrequest.c b/source4/libcli/raw/rawrequest.c index a42c710547..ef856c6ea1 100644 --- a/source4/libcli/raw/rawrequest.c +++ b/source4/libcli/raw/rawrequest.c @@ -700,10 +700,10 @@ DATA_BLOB smbcli_req_pull_blob(struct request_bufinfo *bufinfo, TALLOC_CTX *mem_ static bool smbcli_req_data_oob(struct request_bufinfo *bufinfo, const uint8_t *ptr, uint32_t count) { /* be careful with wraparound! */ - if (ptr < bufinfo->data || - ptr >= bufinfo->data + bufinfo->data_size || + if ((uintptr_t)ptr < (uintptr_t)bufinfo->data || + (uintptr_t)ptr >= (uintptr_t)bufinfo->data + bufinfo->data_size || count > bufinfo->data_size || - ptr + count > bufinfo->data + bufinfo->data_size) { + (uintptr_t)ptr + count > (uintptr_t)bufinfo->data + bufinfo->data_size) { return true; } return false; diff --git a/source4/libcli/raw/rawtrans.c b/source4/libcli/raw/rawtrans.c index 29881afd2b..0f15b2151b 100644 --- a/source4/libcli/raw/rawtrans.c +++ b/source4/libcli/raw/rawtrans.c @@ -40,10 +40,10 @@ static bool raw_trans_oob(struct smbcli_request *req, ptr = req->in.hdr + offset; /* be careful with wraparound! */ - if (ptr < req->in.data || - ptr >= req->in.data + req->in.data_size || + if ((uintptr_t)ptr < (uintptr_t)req->in.data || + (uintptr_t)ptr >= (uintptr_t)req->in.data + req->in.data_size || count > req->in.data_size || - ptr + count > req->in.data + req->in.data_size) { + (uintptr_t)ptr + count > (uintptr_t)req->in.data + req->in.data_size) { return true; } return false; diff --git a/source4/libcli/smb2/request.c b/source4/libcli/smb2/request.c index 2471fcaa4d..f52b0ceef2 100644 --- a/source4/libcli/smb2/request.c +++ b/source4/libcli/smb2/request.c 
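Review bot: The last condition of the new check in smbcli_req_data_oob, `(uintptr_t)ptr + count > (uintptr_t)bufinfo->data + bufinfo->data_size`, still performs the addition that can wrap: uintptr_t arithmetic is modular, so a sum that passes UINTPTR_MAX compares as small and the out-of-range access is admitted. By the time that line is reached the first three conditions already guarantee `data <= ptr < data + data_size` and `count <= data_size`, so the wrap-free form compares offsets rather than addresses: `(uintptr_t)ptr - (uintptr_t)bufinfo->data > bufinfo->data_size - count`. The second condition can be rewritten the same way, `(uintptr_t)ptr - (uintptr_t)bufinfo->data >= bufinfo->data_size`, which also removes the `data + data_size` sum. The same pattern appears in raw_trans_oob (rawtrans.c), smb2_oob (smb2/request.c) and req_data_oob (smb_server/smb/request.c) in this commit.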
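Review bot: In raw_trans_oob the context line `ptr = req->in.hdr + offset;` forms the pointer before the bounds check runs, which is the very thing the ARR38-C rule cited in the commit message cautions against: if `offset` comes from the packet, the addition is already out-of-bounds pointer arithmetic before any comparison happens. Where `offset` originates is not visible in this hunk, so this is inferred; if it is untrusted, validating `offset` as an integer against the size of the region between `req->in.hdr` and the end of `req->in.data` before the addition, and only then forming `ptr`, keeps the check on the safe side of the rule. raw_trans_oob begins outside the hunk.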
@@ -211,10 +211,10 @@ bool smb2_oob(struct smb2_request_buffer *buf, const uint8_t *ptr, size_t size) return false; } /* be careful with wraparound! */ - if (ptr < buf->body || - ptr >= buf->body + buf->body_size || + if ((uintptr_t)ptr < (uintptr_t)buf->body || + (uintptr_t)ptr >= (uintptr_t)buf->body + buf->body_size || size > buf->body_size || - ptr + size > buf->body + buf->body_size) { + (uintptr_t)ptr + size > (uintptr_t)buf->body + buf->body_size) { return true; } return false; @@ -669,7 +669,7 @@ NTSTATUS smb2_push_o16s16_string(struct smb2_request_buffer *buf, } if (*str == 0) { - blob.data = str; + blob.data = discard_const(str); blob.length = 0; return smb2_push_o16s16_blob(buf, ofs, blob); } diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 87073517dd..c7fa2d7d8a 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -651,10 +651,10 @@ bool req_data_oob(struct request_bufinfo *bufinfo, const uint8_t *ptr, uint32_t } /* be careful with wraparound! */ - if (ptr < bufinfo->data || - ptr >= bufinfo->data + bufinfo->data_size || + if ((uintptr_t)ptr < (uintptr_t)bufinfo->data || + (uintptr_t)ptr >= (uintptr_t)bufinfo->data + bufinfo->data_size || count > bufinfo->data_size || - ptr + count > bufinfo->data + bufinfo->data_size) { + (uintptr_t)ptr + count > (uintptr_t)bufinfo->data + bufinfo->data_size) { return true; } return false; -- cgit From aa51981e9916bf8d145001e4ad592efd53527dfe Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 17 Apr 2008 15:01:45 +0200 Subject: libndr: add dom_sid0 type that can later be used for CLDAP and MAILSLOT ntlogon packets metze (This used to be commit 690c12cd2afd0fba626576fbae3f28ffdae63be2) --- source4/librpc/idl/security.idl | 3 +++ source4/librpc/ndr/libndr.h | 4 +++ source4/librpc/ndr/ndr_sec_helper.c | 51 +++++++++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+) 
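Review bot: The new line `blob.data = discard_const(str);` in smb2_push_o16s16_string uses the untyped macro, while the comment above discard_const in replace.h (changed in the previous commit of this series) asks callers to go through `discard_const_p()` so the result keeps a type; the void * result is assigned without any check that it matches the field. Assuming DATA_BLOB's data member is `uint8_t *` as the other blob-style fields in this series are, the type-safe form is `blob.data = discard_const_p(uint8_t, str);`. The function body begins outside the hunk.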
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl index 753fad85cf..314846c53f 100644 --- a/source4/librpc/idl/security.idl +++ b/source4/librpc/idl/security.idl @@ -22,6 +22,9 @@ cpp_quote("#define dom_sid2 dom_sid") /* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */ cpp_quote("#define dom_sid28 dom_sid") +/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */ +cpp_quote("#define dom_sid0 dom_sid") + [ pointer_default(unique) ] diff --git a/source4/librpc/ndr/libndr.h b/source4/librpc/ndr/libndr.h index 2439c386db..b719be2bab 100644 --- a/source4/librpc/ndr/libndr.h +++ b/source4/librpc/ndr/libndr.h @@ -336,6 +336,10 @@ enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid); size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags); +enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); +enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); +void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid); +size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags); void ndr_print_ipv4_addr(struct ndr_print *ndr, const char *name, const struct in_addr *_ip); void ndr_print_GUID(struct ndr_print *ndr, const char *name, const struct GUID *guid); enum ndr_err_code ndr_push_struct_blob(DATA_BLOB *blob, TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience, const void *p, ndr_push_flags_fn_t fn); diff --git a/source4/librpc/ndr/ndr_sec_helper.c b/source4/librpc/ndr/ndr_sec_helper.c index 5a0178bd25..1256d7dd2d 100644 --- a/source4/librpc/ndr/ndr_sec_helper.c +++ b/source4/librpc/ndr/ndr_sec_helper.c 
@@ -48,6 +48,11 @@ size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) return 8 + 4*sid->num_auths; } +size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) +{ + return ndr_size_dom_sid28(sid, flags); +} + /* return the wire size of a security_ace */ @@ -128,6 +133,11 @@ void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct d ndr_print_dom_sid(ndr, name, sid); } +void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + /* parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field @@ -225,3 +235,44 @@ enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const return NDR_ERR_SUCCESS; } +/* + parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty +*/ +enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) +{ + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + if (ndr->data_size == ndr->offset) { + ZERO_STRUCTP(sid); + return NDR_ERR_SUCCESS; + } + + return ndr_pull_dom_sid(ndr, ndr_flags, sid); +} + +/* + push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty +*/ +enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) +{ + struct dom_sid zero_sid; + + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + if (!sid) { + return NDR_ERR_SUCCESS; + } + + ZERO_STRUCT(zero_sid); + + if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { + return NDR_ERR_SUCCESS; + } + + return ndr_push_dom_sid(ndr, ndr_flags, sid); +} + -- cgit From e0fe8613a3621e7a1e0488f6698db56ef6c67dd9 Mon Sep 17 00:00:00 2001 
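Review bot: The new ndr_size_dom_sid0 disagrees with the new ndr_push_dom_sid0 in the third hunk of this file: push emits nothing for a NULL or all-zero SID, but size delegates unconditionally to ndr_size_dom_sid28, whose visible return path `return 8 + 4*sid->num_auths;` is never 0. The nbt.idl change in the next commit feeds this size into `[value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size` and then uses it as `subcontext_size(sid_size)`, so an empty SID would be announced as 8 bytes while 0 bytes are written, and a pull of that output would then run past the end of the buffer by the announced size. The size function should apply the same two early-outs as the push, as below; note also that the memcmp against a zeroed struct (reused from the push) compares padding and the unused tail of the struct, so a SID whose fields are zero but whose unused bytes are not would be treated as non-empty — struct dom_sid's layout is not visible here, so that is a caveat to confirm rather than a defect.
```c
size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags)
{
	struct dom_sid zero_sid;

	/* mirror ndr_push_dom_sid0: nothing is pushed for a NULL or all-zero SID */
	if (!sid) {
		return 0;
	}

	ZERO_STRUCT(zero_sid);

	if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
		return 0;
	}

	return ndr_size_dom_sid28(sid, flags);
}
```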
From: Stefan Metzmacher Date: Thu, 17 Apr 2008 16:26:59 +0200 Subject: nbt.idl: fix parsing und pushing of dom_sids by using dom_sid0 metze (This used to be commit 0e2f6d481b3e35ed392b2b3340b244c77593819c) --- source4/librpc/idl/nbt.idl | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/source4/librpc/idl/nbt.idl b/source4/librpc/idl/nbt.idl index aa88360882..dddfa4e1ce 100644 --- a/source4/librpc/idl/nbt.idl +++ b/source4/librpc/idl/nbt.idl @@ -440,9 +440,8 @@ interface nbt nstring unicode_domain; uint32 db_count; nbt_db_change dbchange[db_count]; - [value(ndr_size_dom_sid(&sid, ndr->flags))] uint32 sid_size; - [flag(NDR_ALIGN4)] DATA_BLOB _pad2; - dom_sid sid; + [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size; + [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid; uint32 nt_version; uint16 lmnt_token; uint16 lm20_token; @@ -560,9 +559,8 @@ interface nbt nstring user_name; astring mailslot_name; uint32 acct_control; - [value(ndr_size_dom_sid(&sid, ndr->flags))] uint32 sid_size; - [flag(NDR_ALIGN4)] DATA_BLOB _pad; - dom_sid sid; + [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size; + [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid; uint32 nt_version; uint16 lmnt_token; uint16 lm20_token; -- cgit
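Review bot: Both hunks drop the `[flag(NDR_ALIGN4)] DATA_BLOB _pad2;` / `_pad;` members along with the plain `dom_sid sid;`, so the SID is no longer forced to a 4-byte boundary on the wire in either struct; presumably that padding was wrong and is the parsing fix the subject refers to, but nothing in the hunks or the commit message says so. A comment on the new `[subcontext(0),subcontext_size(sid_size)] dom_sid0 sid;` line recording that the SID follows `sid_size` without alignment padding, and what capture or specification that was checked against, would stop a later reader from reintroducing the pad. The `[value(ndr_size_dom_sid0(...))]` size and the empty-SID push behaviour it relies on are discussed on the ndr_sec_helper.c hunk of the previous commit.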