From e5358d6c55cc0aae64447d32611bea4c249f0788 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 2 Apr 2007 19:04:57 +0000 Subject: r22042: Try and clean up my own mess using the API Volker suggested. I now use : BOOL is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off) char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off) char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off) int get_safe_SVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off, int failval) int get_safe_IVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off, int failval) Volker, please criticize and comment. Thanks, Jeremy. (This used to be commit d47af7c9263f519e7307859b6a696d854c5dfca3) --- source3/lib/util.c | 62 ++++++++++++++-- source3/nmbd/nmbd_incomingdgrams.c | 2 +- source3/nmbd/nmbd_processlogon.c | 2 +- source3/smbd/lanman.c | 147 +++++++++++++++++++------------------ 4 files changed, 134 insertions(+), 79 deletions(-) diff --git a/source3/lib/util.c b/source3/lib/util.c index b74c08991a..b558571a77 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -3126,24 +3126,74 @@ int this_is_smp(void) } /**************************************************************** - Return a safe offset into a buffer, or NULL. + Check if an offset into a buffer is safe. ****************************************************************/ -char *get_safe_offset(const char *buf_base, size_t buf_len, char *ptr, size_t off) +BOOL is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off) { const char *end_base = buf_base + buf_len; char *end_ptr = ptr + off; if (!buf_base || !ptr) { - return NULL; + return False; } if (end_base < buf_base || end_ptr < ptr) { - return NULL; /* wrap. */ + return False; /* wrap. */ } if (end_ptr < end_base) { - return end_ptr; + return True; } - return NULL; + return False; +} + +/**************************************************************** + Return a safe pointer into a buffer, or NULL. +****************************************************************/ + +char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off) +{ + return is_offset_safe(buf_base, buf_len, ptr, off) ? + ptr + off : NULL; +} + +/**************************************************************** + Return a safe pointer into a string within a buffer, or NULL. +****************************************************************/ + +char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off) +{ + if (!is_offset_safe(buf_base, buf_len, ptr, off)) { + return NULL; + } + /* Check if a valid string exists at this offset. */ + if (skip_string(buf_base,buf_len, ptr + off, 1) == NULL) { + return NULL; + } + return ptr + off; +} + +/**************************************************************** + Return an SVAL at a pointer, or failval if beyond the end. +****************************************************************/ + +int get_safe_SVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off, int failval) +{ + if (!is_offset_safe(buf_base, buf_len, ptr, off+2)) { + return failval; + } + return SVAL(ptr,0); +} + +/**************************************************************** + Return an IVAL at a pointer, or failval if beyond the end. +****************************************************************/ + +int get_safe_IVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off, int failval) +{ + if (!is_offset_safe(buf_base, buf_len, ptr, off+4)) { + return failval; + } + return IVAL(ptr,0); } diff --git a/source3/nmbd/nmbd_incomingdgrams.c b/source3/nmbd/nmbd_incomingdgrams.c index ef23f3a20d..ec8aa370ce 100644 --- a/source3/nmbd/nmbd_incomingdgrams.c +++ b/source3/nmbd/nmbd_incomingdgrams.c @@ -429,7 +429,7 @@ void process_lm_host_announce(struct subnet_record *subrec, struct packet_struct unstring work_name; unstring source_name; fstring comment; - char *s = get_safe_offset(buf,len,buf,9); + char *s = get_safe_str_ptr(buf,len,buf,9); START_PROFILE(lm_host_announce); if (!s) { diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c index 6b10d61267..b23e6b996e 100644 --- a/source3/nmbd/nmbd_processlogon.c +++ b/source3/nmbd/nmbd_processlogon.c @@ -91,7 +91,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); pstrcpy(my_name, global_myname()); - code = get_safe_offset(buf,len,buf,2) ? SVAL(buf,0) : -1; + code = get_safe_SVAL(buf,len,buf,0,-1); DEBUG(4,("process_logon_packet: Logon from %s: code = 0x%x\n", inet_ntoa(p->ip), code)); switch (code) { diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index f0e553e231..03411b8dd9 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -777,7 +777,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); char *QueueName = p; @@ -800,10 +800,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, uint16 vuid, if (!p) { return False; } - uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; - str3 = get_safe_offset(param,tpscnt,p,4) ? p + 4 : 0; - /* Check if string exists. */ - if (skip_string(param,tpscnt,str3,1) == NULL) { + uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); + str3 = get_safe_str_ptr(param,tpscnt,p,4); + if (!str3) { return False; } @@ -905,11 +904,11 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char **rdata, char** rparam, int *rdata_len, int *rparam_len) { - char *param_format = get_safe_offset(param,tpscnt,param,2); + char *param_format = get_safe_str_ptr(param,tpscnt,param,2); char *output_format1 = skip_string(param,tpscnt,param_format,1); char *p = skip_string(param,tpscnt,output_format1,1); - unsigned int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; - char *output_format2 = get_safe_offset(param,tpscnt,p,4); + unsigned int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); + char *output_format2 = get_safe_str_ptr(param,tpscnt,p,4); int services = lp_numservices(); int i, n; struct pack_desc desc; @@ -1282,12 +1281,12 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, int mdrcnt, int mprcnt, char **rdata, char **rparam, int *rdata_len, int *rparam_len) { - char *str1 = get_safe_offset(param, tpscnt, param, 2); + char *str1 = get_safe_str_ptr(param, tpscnt, param, 2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); - int uLevel = get_safe_offset(param, tpscnt, p, 2) ? SVAL(p,0) : -1; - int buf_len = get_safe_offset(param,tpscnt, p, 4) ? SVAL(p,2) : 0; - uint32 servertype = get_safe_offset(param,tpscnt,p,8) ? IVAL(p,4) : 0; + int uLevel = get_safe_SVAL(param, tpscnt, p, 0, -1); + int buf_len = get_safe_SVAL(param,tpscnt, p, 2, 0); + uint32 servertype = get_safe_IVAL(param,tpscnt,p,4, 0); char *p2; int data_len, fixed_len, string_len; int f_len = 0, s_len = 0; @@ -1438,11 +1437,11 @@ static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, int mdrcnt, int mprcnt, char **rdata, char **rparam, int *rdata_len, int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); - int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; - int buf_len = get_safe_offset(param,tpscnt,p,4) ? SVAL(p,2) : 0; + int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); + int buf_len = get_safe_SVAL(param,tpscnt,p,2,0); int counted=0; int missed=0; @@ -1628,11 +1627,11 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *netname = skip_string(param,tpscnt,str2,1); char *p = skip_string(param,tpscnt,netname,1); - int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; + int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); int snum; if (!str1 || !str2 || !netname || !p) { @@ -1694,11 +1693,11 @@ static BOOL api_RNetShareEnum( connection_struct *conn, uint16 vuid, int *rdata_len, int *rparam_len ) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); - int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; - int buf_len = get_safe_offset(param,tpscnt,p,4) ? SVAL(p,2) : 0; + int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); + int buf_len = get_safe_SVAL(param,tpscnt,p,2,0); char *p2; int count = 0; int total=0,counted=0; @@ -1799,10 +1798,10 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); - int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; + int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); fstring sharename; fstring comment; pstring pathname; @@ -1939,7 +1938,7 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, int i; int errflags=0; int resume_context, cli_buf_size; - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); @@ -1978,8 +1977,8 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, return False; } - resume_context = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; - cli_buf_size= get_safe_offset(param,tpscnt,p,4) ? SVAL(p+2,0) : 0; + resume_context = get_safe_SVAL(param,tpscnt,p,0,-1); + cli_buf_size= get_safe_SVAL(param,tpscnt,p,2,0); DEBUG(10,("api_RNetGroupEnum:resume context: %d, client buffer size: " "%d\n", resume_context, cli_buf_size)); @@ -2042,11 +2041,11 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *UserName = skip_string(param,tpscnt,str2,1); char *p = skip_string(param,tpscnt,UserName,1); - int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; + int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); const char *level_string; int count=0; struct samu *sampw = NULL; @@ -2188,7 +2187,7 @@ static BOOL api_RNetUserEnum(connection_struct *conn, uint16 vuid, struct pdb_search *search; struct samr_displayentry *users; - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); @@ -2206,8 +2205,8 @@ static BOOL api_RNetUserEnum(connection_struct *conn, uint16 vuid, * h -> return parameter total number of users */ - resume_context = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; - cli_buf_size= get_safe_offset(param,tpscnt,p,4) ? SVAL(p+2,0) : 0; + resume_context = get_safe_SVAL(param,tpscnt,p,0,-1); + cli_buf_size= get_safe_SVAL(param,tpscnt,p,2,0); DEBUG(10,("api_RNetUserEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size)); @@ -2343,7 +2342,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *np = get_safe_offset(param,tpscnt,param,2); + char *np = get_safe_str_ptr(param,tpscnt,param,2); char *p = skip_string(param,tpscnt,np,2); fstring user; fstring pass1,pass2; @@ -2365,7 +2364,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, memset(pass1,'\0',sizeof(pass1)); memset(pass2,'\0',sizeof(pass2)); - if (get_safe_offset(param,tpscnt,p,32) == NULL) { + if (!is_offset_safe(param,tpscnt,p,32)) { return False; } memcpy(pass1,p,16); @@ -2447,7 +2446,7 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, int *rdata_len,int *rparam_len) { fstring user; - char *p = get_safe_offset(param,tpscnt,param,2); + char *p = get_safe_str_ptr(param,tpscnt,param,2); *rparam_len = 2; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); if (!*rparam) { @@ -2524,8 +2523,8 @@ static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - int function = get_safe_offset(param,tpscnt,param,2) ? SVAL(param,0) : 0; - char *str1 = get_safe_offset(param,tpscnt,param,2); + int function = get_safe_SVAL(param,tpscnt,param,0,0); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); uint32 jobid; @@ -2537,7 +2536,7 @@ static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, if (!str1 || !str2 || !p) { return False; } - if (get_safe_offset(param,tpscnt,p,2) == NULL) { + if (!is_offset_safe(param,tpscnt,p,2)) { return False; } if(!rap_to_pjobid(SVAL(p,0), sharename, &jobid)) @@ -2603,8 +2602,8 @@ static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - int function = get_safe_offset(param,tpscnt,param,2) ? SVAL(param,0) : 0; - char *str1 = get_safe_offset(param,tpscnt,param,2); + int function = get_safe_SVAL(param,tpscnt,param,0,0); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *QueueName = skip_string(param,tpscnt,str2,1); int errcode = NERR_notsupported; @@ -2626,6 +2625,9 @@ static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid, } *rdata_len = 0; + if (skip_string(param,tpscnt,QueueName,1) == NULL) { + return False; + } snum = print_queue_snum(QueueName); if (snum == -1) { @@ -2686,19 +2688,19 @@ static BOOL api_PrintJobInfo(connection_struct *conn, uint16 vuid, int *rdata_len,int *rparam_len) { struct pack_desc desc; - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); uint32 jobid; fstring sharename; - int uLevel = get_safe_offset(param,tpscnt,p,4) ? SVAL(p,2) : -1; - int function = get_safe_offset(param,tpscnt,p,6) ? SVAL(p,4) : -1; + int uLevel = get_safe_SVAL(param,tpscnt,p,2,-1); + int function = get_safe_SVAL(param,tpscnt,p,4,-1); int place, errcode; if (!str1 || !str2 || !p) { return False; } - if (get_safe_offset(param,tpscnt,p,2) == NULL) { + if (!is_offset_safe(param,tpscnt,p,2)) { return False; } if(!rap_to_pjobid(SVAL(p,0), sharename, &jobid)) @@ -2769,10 +2771,10 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); - int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; + int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); char *p2; int struct_len; @@ -2910,11 +2912,11 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); char *p2; - int level = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; + int level = get_safe_SVAL(param,tpscnt,p,0,-1); if (!str1 || !str2 || !p) { return False; @@ -2943,7 +2945,7 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, SSVAL(*rparam,2,0); /* converter word */ p = *rdata; - p2 = get_safe_offset(*rdata,*rdata_len,p,22); + p2 = get_safe_ptr(*rdata,*rdata_len,p,22); if (!p2) { return False; } @@ -3178,11 +3180,11 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn, uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *UserName = skip_string(param,tpscnt,str2,1); char *p = skip_string(param,tpscnt,UserName,1); - int uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; + int uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); char *p2; const char *level_string; @@ -3234,7 +3236,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn, uint16 vuid, SSVAL(*rparam,2,0); /* converter word */ p = *rdata; - p2 = get_safe_offset(*rdata,*rdata_len,p,usri11_end); + p2 = get_safe_ptr(*rdata,*rdata_len,p,usri11_end); if (!p2) { return False; } @@ -3398,7 +3400,7 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); int uLevel; @@ -3417,11 +3419,11 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, vuser->user.unix_name)); } - uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; - if (skip_string(param,tpscnt,p+2,1) == NULL) { + uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); + name = get_safe_str_ptr(param,tpscnt,p,2); + if (!name) { return False; } - name = p + 2; memset((char *)&desc,'\0',sizeof(desc)); @@ -3501,7 +3503,7 @@ static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *user = skip_string(param,tpscnt,str2,1); char *resource = skip_string(param,tpscnt,user,1); @@ -3510,6 +3512,9 @@ static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, return False; } + if (skip_string(param,tpscnt,resource,1) == NULL) { + return False; + } DEBUG(3,("WAccessGetUserPerms user=%s resource=%s\n",user,resource)); /* check it's a supported varient */ @@ -3543,7 +3548,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn, uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); int uLevel; @@ -3561,7 +3566,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn, uint16 vuid, return False; } - uLevel = get_safe_offset(param,tpscnt,p,4) ? SVAL(p,2) : -1; + uLevel = get_safe_SVAL(param,tpscnt,p,2,-1); memset((char *)&desc,'\0',sizeof(desc)); memset((char *)&status,'\0',sizeof(status)); @@ -3642,7 +3647,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn, uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); char *name = p; @@ -3665,7 +3670,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn, uint16 vuid, if (!p) { return False; } - uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; + uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); DEBUG(3,("WPrintJobEnumerate uLevel=%d name=%s\n",uLevel,name)); @@ -3795,7 +3800,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn, uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); char* PrinterName = p; @@ -3814,7 +3819,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn, uint16 vuid, if (!p) { return False; } - uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; + uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); DEBUG(3,("WPrintDestGetInfo uLevel=%d PrinterName=%s\n",uLevel,PrinterName)); @@ -3875,7 +3880,7 @@ static BOOL api_WPrintDestEnum(connection_struct *conn, uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); int uLevel; @@ -3890,7 +3895,7 @@ static BOOL api_WPrintDestEnum(connection_struct *conn, uint16 vuid, memset((char *)&desc,'\0',sizeof(desc)); - uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; + uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); DEBUG(3,("WPrintDestEnum uLevel=%d\n",uLevel)); @@ -3956,7 +3961,7 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn, uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); int uLevel; @@ -3969,7 +3974,7 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn, uint16 vuid, memset((char *)&desc,'\0',sizeof(desc)); - uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : 0; + uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); DEBUG(3,("WPrintDriverEnum uLevel=%d\n",uLevel)); @@ -4019,7 +4024,7 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn, uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); int uLevel; @@ -4031,7 +4036,7 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn, uint16 vuid, } memset((char *)&desc,'\0',sizeof(desc)); - uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; + uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); DEBUG(3,("WPrintQProcEnum uLevel=%d\n",uLevel)); @@ -4082,7 +4087,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn, uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); int uLevel; @@ -4095,7 +4100,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn, uint16 vuid, memset((char *)&desc,'\0',sizeof(desc)); - uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; + uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); DEBUG(3,("WPrintPortEnum uLevel=%d\n",uLevel)); @@ -4152,7 +4157,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn, uint16 vuid, int *rdata_len,int *rparam_len) { - char *str1 = get_safe_offset(param,tpscnt,param,2); + char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1,1); char *p = skip_string(param,tpscnt,str2,1); int uLevel; @@ -4166,7 +4171,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn, uint16 vuid, memset((char *)&desc,'\0',sizeof(desc)); - uLevel = get_safe_offset(param,tpscnt,p,2) ? SVAL(p,0) : -1; + uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); DEBUG(3,("RNetSessionEnum uLevel=%d\n",uLevel)); DEBUG(7,("RNetSessionEnum req string=%s\n",str1)); -- cgit