From 4cd6e31bd364270580f2907fbc5669bf29d09578 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 14 Feb 2003 23:04:03 +0000 Subject: Ensure that only parse_prs.c access internal members of the prs_struct. Needed to move to disk based i/o later. Jeremy. (This used to be commit 4c3ee228fcdb089eaeead95e79532a9cf6cb0de6) --- source3/auth/auth_winbind.c | 4 +-- source3/libads/ldap.c | 16 ++++++--- source3/libsmb/clisecdesc.c | 6 ++-- source3/nsswitch/winbindd_pam.c | 3 +- source3/rpc_client/cli_spoolss.c | 20 +++++------ source3/rpc_parse/parse_net.c | 28 ++++++++-------- source3/rpc_parse/parse_prs.c | 66 ++++++++++++++++++++++++++++++------- source3/rpc_parse/parse_sec.c | 8 ++--- source3/rpc_server/srv_pipe.c | 26 +++++++-------- source3/rpc_server/srv_pipe_hnd.c | 15 +++------ source3/rpc_server/srv_spoolss_nt.c | 5 ++- 11 files changed, 118 insertions(+), 79 deletions(-) diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index e45e2c879f..5e1567d3c1 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -36,8 +36,8 @@ static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response if (!prs_init(&ps, len, mem_ctx, UNMARSHALL)) { return NT_STATUS_NO_MEMORY; } - prs_append_data(&ps, info3_ndr, len); - ps.data_offset = 0; + prs_copy_data_in(&ps, info3_ndr, len); + prs_set_offset(&ps,0); if (!net_io_user_info3("", info3, &ps, 1, 3)) { DEBUG(2, ("get_info3_from_ndr: could not parse info3 struct!\n")); return NT_STATUS_UNSUCCESSFUL; diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 867d124273..47a94f0a08 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c 
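Review bot: The results of `prs_copy_data_in(&ps, info3_ndr, len)` and `prs_set_offset(&ps,0)` in get_info3_from_ndr are discarded, so a failed copy leaves net_io_user_info3 parsing a buffer that never received the winbindd response bytes. Both helpers return BOOL, so the pair can be guarded with `if (!prs_copy_data_in(&ps, info3_ndr, len) || !prs_set_offset(&ps, 0)) return NT_STATUS_NO_MEMORY;`, using whatever cleanup the rest of the function applies (its tail is outside the hunk). The same unchecked pair appears in dump_sd and ads_pull_sd (libads/ldap.c) and in cli_query_secdesc (libsmb/clisecdesc.c), where the prs_init result is ignored as well.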
@@ -1157,8 +1157,8 @@ static void dump_sd(const char *filed, struct berval **values) /* prepare data */ prs_init(&ps, values[0]->bv_len, ctx, UNMARSHALL); - prs_append_data(&ps, values[0]->bv_val, values[0]->bv_len); - ps.data_offset = 0; + prs_copy_data_in(&ps, values[0]->bv_val, values[0]->bv_len); + prs_set_offset(&ps,0); /* parse secdesc */ if (!sec_io_desc("sd", &psd, &ps, 1)) { @@ -1478,7 +1478,13 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn) if (!(mods = ads_init_mods(ctx))) return ADS_ERROR(LDAP_NO_MEMORY); bval.bv_len = sd_size; - bval.bv_val = prs_data_p(&ps_wire); + bval.bv_val = talloc(ctx, sd_size); + if (!bval.bv_val) { + ret = ADS_ERROR(LDAP_NO_MEMORY); + goto ads_set_sd_error; + } + prs_copy_all_data_out((char *)&bval.bv_val, &ps_wire); + ads_mod_ber(ctx, &mods, attrs[0], &bval); ret = ads_gen_mod(ads, dn, mods); @@ -1726,8 +1732,8 @@ BOOL ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, if (values[0]) { prs_init(&ps, values[0]->bv_len, mem_ctx, UNMARSHALL); - prs_append_data(&ps, values[0]->bv_val, values[0]->bv_len); - ps.data_offset = 0; + prs_copy_data_in(&ps, values[0]->bv_val, values[0]->bv_len); + prs_set_offset(&ps,0); ret = sec_io_desc("sd", sd, &ps, 1); } diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c index 7dd2747ff6..20154dbeb2 100644 --- a/source3/libsmb/clisecdesc.c +++ b/source3/libsmb/clisecdesc.c @@ -54,8 +54,8 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli, int fnum, } prs_init(&pd, rdata_count, mem_ctx, UNMARSHALL); - prs_append_data(&pd, rdata, rdata_count); - pd.data_offset = 0; + prs_copy_data_in(&pd, rdata, rdata_count); + prs_set_offset(&pd,0); if (!sec_io_desc("sd data", &psd, &pd, 1)) { DEBUG(1,("Failed to parse secdesc\n")); 
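Review bot: In ads_set_machine_sd the destination passed to the copy is `(char *)&bval.bv_val`, which is the address of the pointer field and not the `sd_size`-byte buffer just obtained from talloc. The copy therefore writes the marshalled descriptor over `bval` itself and whatever follows it (presumably on the stack, since `bval` is accessed as a local struct), while the allocated buffer is never filled; the cast hides the type mismatch from the compiler. The call should be `prs_copy_all_data_out(bval.bv_val, &ps_wire);`. Separately, the buffer is sized by `sd_size` while prs_copy_all_data_out copies `prs_offset(&ps_wire)` bytes, so the two need to be confirmed equal, and the BOOL result should be checked before ads_mod_ber uses `bval`.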
@@ -104,7 +104,7 @@ BOOL cli_set_secdesc(struct cli_state *cli, int fnum, SEC_DESC *sd) 0, NULL, 0, 0, param, 8, 0, - pd.data_p, pd.data_offset, 0)) { + prs_data_p(&pd), prs_offset(&pd), 0)) { DEBUG(1,("Failed to send NT_TRANSACT_SET_SECURITY_DESC\n")); goto cleanup; } diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index f3237f08da..e24afbabd6 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -42,11 +42,12 @@ static NTSTATUS append_info3_as_ndr(TALLOC_CTX *mem_ctx, } size = prs_data_size(&ps); - state->response.extra_data = memdup(prs_data_p(&ps), size); + state->response.extra_data = malloc(size); if (!state->response.extra_data) { prs_mem_free(&ps); return NT_STATUS_NO_MEMORY; } + prs_copy_all_data_out(state->response.extra_data, &ps); state->response.length += size; prs_mem_free(&ps); return NT_STATUS_OK; diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c index 0a168d93ba..a1aa6664c1 100644 --- a/source3/rpc_client/cli_spoolss.c +++ b/source3/rpc_client/cli_spoolss.c @@ -58,7 +58,7 @@ static void decode_printer_info_0(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, inf=(PRINTER_INFO_0 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_0)); memset(inf, 0, returned*sizeof(PRINTER_INFO_0)); - buffer->prs.data_offset=0; + prs_set_offset(&buffer->prs,0); for (i=0; iprs.data_offset=0; + prs_set_offset(&buffer->prs,0); for (i=0; iprs.data_offset=0; + prs_set_offset(&buffer->prs,0); for (i=0; iprs.data_offset=0; + prs_set_offset(&buffer->prs,0); for (i=0; iprs.data_offset=0; + prs_set_offset(&buffer->prs,0); for (i=0; iprs.data_offset=0; + prs_set_offset(&buffer->prs,0); for (i=0; iprs.data_offset=0; + prs_set_offset(&buffer->prs,0); for (i=0; iprs.data_offset = 0; + prs_set_offset(&buffer->prs,0); for (i = 0; i < num_forms; i++) smb_io_form_1("", buffer, &((*forms)[i]), 0); 
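Review bot: append_info3_as_ndr now allocates `size = prs_data_size(&ps)` bytes with malloc, but prs_copy_all_data_out fills only `prs_offset(&ps)` bytes, so whenever the buffer is larger than the marshalled length the tail of `extra_data` is uninitialised heap memory that `state->response.length += size` still counts (and presumably returns to the winbind client). The parse_net.c hunks in this commit replace `ps->buffer_size` with `prs_data_size(ps)`, which suggests the size is the allocated buffer size and not the marshalled length. The old memdup copied all `size` bytes out of the prs buffer. I would size by what is copied, `size = prs_offset(&ps);`, and check the BOOL result of the copy before adding to `response.length`.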
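Review bot: decode_printer_info_0 passes the talloc result straight to `memset(inf, 0, returned*sizeof(PRINTER_INFO_0))` without a NULL check, and the `returned*sizeof(PRINTER_INFO_0)` product is not checked for wrap-around before it sizes the allocation. `returned` looks like a count taken from the server reply (its declaration is outside the hunk), so a failed or undersized allocation would be written through by the memset and the decode loop. A guard such as `if (returned > 0xFFFFFFFF / sizeof(PRINTER_INFO_0)) return;` followed by `if (!inf) return;` before the memset covers both cases. decode_jobs_1 and decode_jobs_2 further down allocate `num_jobs * sizeof(...)` the same way and hand the result to smb_io_job_info_1 / smb_io_job_info_2 unchecked.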
@@ -1506,7 +1506,7 @@ static void decode_jobs_1(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, uint32 i; *jobs = (JOB_INFO_1 *)talloc(mem_ctx, num_jobs * sizeof(JOB_INFO_1)); - buffer->prs.data_offset = 0; + prs_set_offset(&buffer->prs,0); for (i = 0; i < num_jobs; i++) smb_io_job_info_1("", buffer, &((*jobs)[i]), 0); @@ -1518,7 +1518,7 @@ static void decode_jobs_2(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, uint32 i; *jobs = (JOB_INFO_2 *)talloc(mem_ctx, num_jobs * sizeof(JOB_INFO_2)); - buffer->prs.data_offset = 0; + prs_set_offset(&buffer->prs,0); for (i = 0; i < num_jobs; i++) smb_io_job_info_2("", buffer, &((*jobs)[i]), 0); diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 853bca3b54..1e31836476 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -1804,9 +1804,9 @@ static BOOL net_io_sam_domain_info(const char *desc, SAM_DOMAIN_INFO * info, if (!smb_io_unihdr("hdr_unknown", &info->hdr_unknown, ps, depth)) return False; - if (ps->data_offset + 40 > ps->buffer_size) + if (prs_offset(ps) + 40 > prs_data_size(ps)) return False; - ps->data_offset += 40; + prs_set_offset(ps, prs_offset(ps) + 40); if (!smb_io_unistr2("uni_dom_name", &info->uni_dom_name, info->hdr_dom_name.buffer, ps, depth)) @@ -1843,9 +1843,9 @@ static BOOL net_io_sam_group_info(const char *desc, SAM_GROUP_INFO * info, if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth)) return False; - if (ps->data_offset + 48 > ps->buffer_size) + if (prs_offset(ps) + 48 > prs_data_size(ps)) return False; - ps->data_offset += 48; + prs_set_offset(ps, prs_offset(ps) + 48); if (!smb_io_unistr2("uni_grp_name", &info->uni_grp_name, info->hdr_grp_name.buffer, ps, depth)) 
@@ -2124,13 +2124,13 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16], uint32 len = 0x44; if (!prs_uint32("pwd_len", ps, depth, &len)) return False; - old_offset = ps->data_offset; + old_offset = prs_offset(ps); if (len == 0x44) { if (ps->io) { /* reading */ - if (!prs_hash1(ps, ps->data_offset, sess_key)) + if (!prs_hash1(ps, prs_offset(ps), sess_key)) return False; } if (!net_io_sam_passwd_info("pass", &info->pass, @@ -2144,9 +2144,9 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16], return False; } } - if (old_offset + len > ps->buffer_size) + if (old_offset + len > prs_data_size(ps)) return False; - ps->data_offset = old_offset + len; + prs_set_offset(ps, old_offset + len); } if (!smb_io_buffer4("buf_sec_desc", &info->buf_sec_desc, info->hdr_sec_desc.buffer, ps, depth)) @@ -2181,9 +2181,9 @@ static BOOL net_io_sam_group_mem_info(const char *desc, SAM_GROUP_MEM_INFO * inf if (!prs_uint32("num_members", ps, depth, &info->num_members)) return False; - if (ps->data_offset + 16 > ps->buffer_size) + if (prs_offset(ps) + 16 > prs_data_size(ps)) return False; - ps->data_offset += 16; + prs_set_offset(ps, prs_offset(ps) + 16); if (info->ptr_rids != 0) { @@ -2263,9 +2263,9 @@ static BOOL net_io_sam_alias_info(const char *desc, SAM_ALIAS_INFO * info, if (!smb_io_unihdr("hdr_als_desc", &info->hdr_als_desc, ps, depth)) return False; - if (ps->data_offset + 40 > ps->buffer_size) + if (prs_offset(ps) + 40 > prs_data_size(ps)) return False; - ps->data_offset += 40; + prs_set_offset(ps, prs_offset(ps) + 40); if (!smb_io_unistr2("uni_als_name", &info->uni_als_name, info->hdr_als_name.buffer, ps, depth)) 
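Review bot: In net_io_sam_account_info the check `old_offset + len > prs_data_size(ps)` can wrap, because `len` is a uint32 filled from the stream by prs_uint32 just above and the sum is computed before the comparison. A wrapped sum passes the check, and `prs_set_offset(ps, old_offset + len)` then moves the offset backwards with its BOOL result ignored. Comparing without the addition avoids this: `if (old_offset > prs_data_size(ps) || len > prs_data_size(ps) - old_offset) return False;` followed by `if (!prs_set_offset(ps, old_offset + len)) return False;`. The declaration of `old_offset` is outside the hunk, so its width is assumed to be 32 bits. The fixed-size skips (`+ 40`, `+ 48`, `+ 16`) in the neighbouring net_io_sam_* hunks also drop the prs_set_offset result.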
@@ -2300,9 +2300,9 @@ static BOOL net_io_sam_alias_mem_info(const char *desc, SAM_ALIAS_MEM_INFO * inf if (info->ptr_members != 0) { - if (ps->data_offset + 16 > ps->buffer_size) + if (prs_offset(ps) + 16 > prs_data_size(ps)) return False; - ps->data_offset += 16; + prs_set_offset(ps, prs_offset(ps) + 16); if (!prs_uint32("num_sids", ps, depth, &info->num_sids)) return False; diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index 6f6117a9e2..702375be35 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -134,7 +134,8 @@ void prs_mem_free(prs_struct *ps) void prs_mem_clear(prs_struct *ps) { - memset(ps->data_p, '\0', (size_t)ps->buffer_size); + if (ps->buffer_size) + memset(ps->data_p, '\0', (size_t)ps->buffer_size); } /******************************************************************* @@ -143,11 +144,13 @@ void prs_mem_clear(prs_struct *ps) char *prs_alloc_mem(prs_struct *ps, size_t size) { - char *ret = talloc(ps->mem_ctx, size); - - if (ret) - memset(ret, '\0', size); + char *ret = NULL; + if (size) { + ret = talloc(ps->mem_ctx, size); + if (ret) + memset(ret, '\0', size); + } return ret; } @@ -308,7 +311,7 @@ BOOL prs_force_grow(prs_struct *ps, uint32 extra_space) /******************************************************************* Get the data pointer (external interface). - ********************************************************************/ +********************************************************************/ char *prs_data_p(prs_struct *ps) { @@ -357,10 +360,13 @@ BOOL prs_set_offset(prs_struct *ps, uint32 offset) BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src) { + if (prs_offset(src) == 0) + return True; + if(!prs_grow(dst, prs_offset(src))) return False; - memcpy(&dst->data_p[dst->data_offset], prs_data_p(src), (size_t)prs_offset(src)); + memcpy(&dst->data_p[dst->data_offset], src->data_p, (size_t)prs_offset(src)); dst->data_offset += prs_offset(src); return True; 
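Review bot: prs_alloc_mem now returns NULL for `size == 0`, which makes a zero-length request indistinguishable from an allocation failure for any caller that tests the result. The callers are outside this diff, so whether any parser treats NULL as fatal for an empty array, or dereferences the pointer without rechecking the element count, is unverified. The header comment should state the contract, for example `Returns NULL when size is 0; callers must check the count before treating NULL as out of memory.`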
@@ -378,7 +384,7 @@ BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uin if(!prs_grow(dst, len)) return False; - memcpy(&dst->data_p[dst->data_offset], prs_data_p(src)+start, (size_t)len); + memcpy(&dst->data_p[dst->data_offset], src->data_p + start, (size_t)len); dst->data_offset += len; return True; @@ -388,8 +394,11 @@ BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uin Append the data from a buffer into a parse_struct. ********************************************************************/ -BOOL prs_append_data(prs_struct *dst, char *src, uint32 len) +BOOL prs_copy_data_in(prs_struct *dst, char *src, uint32 len) { + if (len == 0) + return True; + if(!prs_grow(dst, len)) return False; @@ -399,6 +408,39 @@ BOOL prs_append_data(prs_struct *dst, char *src, uint32 len) return True; } +/******************************************************************* + Copy some data from a parse_struct into a buffer. + ********************************************************************/ + +BOOL prs_copy_data_out(char *dst, prs_struct *src, uint32 len) +{ + if (len == 0) + return True; + + if(!prs_mem_get(src, len)) + return False; + + memcpy(dst, &src->data_p[src->data_offset], (size_t)len); + src->data_offset += len; + + return True; +} + +/******************************************************************* + Copy all the data from a parse_struct into a buffer. + ********************************************************************/ + +BOOL prs_copy_all_data_out(char *dst, prs_struct *src) +{ + uint32 len = prs_offset(src); + + if (!len) + return True; + + prs_set_offset(src, 0); + return prs_copy_data_out(dst, src, len); +} + /******************************************************************* Set the data as X-endian (external interface). ********************************************************************/ 
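Review bot: prs_append_some_prs_data copies `len` bytes from `src->data_p + start` after growing only `dst`; nothing visible in the hunk checks that `start + len` stays inside the source buffer, and `start` is a signed int32. This commit routes create_next_pdu (`p->out_data.data_sent_length`) and process_request_pdu (`prs_offset(rpc_in_p)`, `data_len`) through it, so the helper is now the one place to enforce the bound. I would add, before prs_grow, `if (start < 0 || (uint32)start > src->buffer_size || len > src->buffer_size - (uint32)start) return False;`. The start of the function is above the hunk, so an existing check there cannot be ruled out.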
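Review bot: prs_copy_data_out and prs_copy_all_data_out take a bare `char *dst` with no capacity, and the three callers added in this commit size that buffer three different ways (`sd_size`, `prs_data_size(&ps)`, `prs_offset(&ps)`) while the copy length is always `prs_offset(src)`. The header comments should state that `dst` must hold at least `len` bytes (for prs_copy_all_data_out, `prs_offset(src)` bytes), and that prs_copy_all_data_out rewinds the offset to 0 and leaves it at its original value on success. prs_copy_all_data_out also ignores the result of `prs_set_offset(src, 0)`; `if (!prs_set_offset(src, 0)) return False;` keeps that failure visible. Passing the destination size as a parameter would let the helper reject an undersized buffer instead of trusting each call site.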
@@ -1049,7 +1091,7 @@ BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str) else { /* unmarshalling */ uint32 alloc_len = 0; - q = prs_data_p(ps) + prs_offset(ps); + q = ps->data_p + prs_offset(ps); /* * Work out how much space we need and talloc it. @@ -1242,7 +1284,7 @@ int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps) TDB_DATA kbuf, dbuf; kbuf.dptr = keystr; kbuf.dsize = strlen(keystr)+1; - dbuf.dptr = prs_data_p(ps); + dbuf.dptr = ps->data_p; dbuf.dsize = prs_offset(ps); return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE); } @@ -1272,7 +1314,7 @@ BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16]) { char *q; - q = prs_data_p(ps); + q = ps->data_p; q = &q[offset]; #ifdef DEBUG_PASSWORD diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index a49a34139e..dbd72e5250 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -782,7 +782,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if (psd->off_owner_sid != 0) { - tmp_offset = ps->data_offset; + tmp_offset = prs_offset(ps); if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) return False; @@ -803,7 +803,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if (psd->off_grp_sid != 0) { - tmp_offset = ps->data_offset; + tmp_offset = prs_offset(ps); if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) return False; @@ -823,7 +823,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) } if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) { - tmp_offset = ps->data_offset; + tmp_offset = prs_offset(ps); if(!prs_set_offset(ps, old_offset + psd->off_sacl)) return False; if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) 
@@ -835,7 +835,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { - tmp_offset = ps->data_offset; + tmp_offset = prs_offset(ps); if(!prs_set_offset(ps, old_offset + psd->off_dacl)) return False; if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 4c4b3e7af3..50127005a1 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -84,8 +84,6 @@ BOOL create_next_pdu(pipes_struct *p) uint32 data_space_available; uint32 data_len_left; prs_struct outgoing_pdu; - char *data; - char *data_from; uint32 data_pos; /* @@ -187,26 +185,26 @@ BOOL create_next_pdu(pipes_struct *p) data_pos = prs_offset(&outgoing_pdu); /* Copy the data into the PDU. */ - data_from = prs_data_p(&p->out_data.rdata) + p->out_data.data_sent_length; - if(!prs_append_data(&outgoing_pdu, data_from, data_len)) { + if(!prs_append_some_prs_data(&outgoing_pdu, &p->out_data.rdata, p->out_data.data_sent_length, data_len)) { DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len)); prs_mem_free(&outgoing_pdu); return False; } - /* - * Set data to point to where we copied the data into. - */ - - data = prs_data_p(&outgoing_pdu) + data_pos; - if (p->hdr.auth_len > 0) { uint32 crc32 = 0; + char *data; DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n", BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, p->hdr.auth_len)); + /* + * Set data to point to where we copied the data into. + */ + + data = prs_data_p(&outgoing_pdu) + data_pos; + if (auth_seal) { crc32 = crc32_calc_buffer(data, data_len); NTLMSSPcalc_p(p, (uchar*)data, data_len); 
@@ -1389,17 +1387,15 @@ BOOL api_rpcTNP(pipes_struct *p, const char *rpc_name, /* Check for buffer underflow in rpc parsing */ if ((DEBUGLEVEL >= 10) && - (p->in_data.data.data_offset != p->in_data.data.buffer_size)) { - int data_len = p->in_data.data.buffer_size - - p->in_data.data.data_offset; + (prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) { + size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data); char *data; data = malloc(data_len); DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n")); if (data) { - prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, - data_len); + prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, (uint32)data_len); SAFE_FREE(data); } diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 6cdb6836eb..8cb81b9c6d 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -618,16 +618,11 @@ authentication failed. Denying the request.\n", p->name)); * Append the data portion into the buffer and return. */ - { - char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p); - - if(!prs_append_data(&p->in_data.data, data_from, data_len)) { - DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n", - (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) )); - set_incoming_fault(p); - return False; - } - + if(!prs_append_some_prs_data(&p->in_data.data, rpc_in_p, prs_offset(rpc_in_p), data_len)) { + DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n", + (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) )); + set_incoming_fault(p); + return False; } if(p->hdr.flags & RPC_FLG_LAST) { diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 594c749c9c..8304b14a1c 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c 
@@ -706,10 +706,9 @@ static void notify_system_time(struct spoolss_notify_msg *msg, return; data->notify_data.data.length = prs_offset(&ps); - data->notify_data.data.string = - talloc(mem_ctx, prs_offset(&ps)); + data->notify_data.data.string = talloc(mem_ctx, prs_offset(&ps)); - memcpy(data->notify_data.data.string, prs_data_p(&ps), prs_offset(&ps)); + prs_copy_all_data_out((char *)data->notify_data.data.string, &ps); prs_mem_free(&ps); } -- cgit
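Review bot: notify_system_time hands the talloc result to prs_copy_all_data_out without checking it for NULL, and it sets `notify_data.data.length` before knowing whether the copy succeeded. On allocation failure the copy writes through a NULL pointer, and on a failed copy the length still advertises `prs_offset(&ps)` bytes. I would add `if (!data->notify_data.data.string) { prs_mem_free(&ps); return; }` after the talloc and reset `length` to 0 when prs_copy_all_data_out returns False.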