From 8d0f79595b4220736b7e84d30440035780044078 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 13 Oct 2004 12:55:10 +0000 Subject: r2948: added support for the [range(low,high)] attribute in pidl. This allows range checking of any integer value, to help protect against denial of service attacks (which could otherwise cause large memory allocations) (This used to be commit dbe6430d78f1b9aa59969074077e4afa5adf7570) --- source4/build/pidl/parser.pm | 5 +++++ source4/librpc/ndr/libndr.h | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/build/pidl/parser.pm b/source4/build/pidl/parser.pm index edecc24284..abf5785a45 100644 --- a/source4/build/pidl/parser.pm +++ b/source4/build/pidl/parser.pm @@ -547,6 +547,11 @@ sub ParseElementPullScalar($$$) } else { pidl "\tNDR_CHECK(ndr_pull_$e->{TYPE}(ndr, $ndr_flags, $cprefix$var_prefix$e->{NAME}));\n"; } + if (my $range = util::has_property($e, "range")) { + my ($low, $high) = split(/ /, $range, 2); + pidl "\tif ($var_prefix$e->{NAME} < $low || $var_prefix$e->{NAME} > $high) {\n"; + pidl "\t\treturn ndr_pull_error(ndr, NDR_ERR_RANGE, \"value out of range\");\n\t}\n"; + } end_flags($e); } diff --git a/source4/librpc/ndr/libndr.h b/source4/librpc/ndr/libndr.h index 8894877721..59e8b744df 100644 --- a/source4/librpc/ndr/libndr.h +++ b/source4/librpc/ndr/libndr.h @@ -141,7 +141,8 @@ enum ndr_err_code { NDR_ERR_STRING, NDR_ERR_VALIDATE, NDR_ERR_BUFSIZE, - NDR_ERR_ALLOC + NDR_ERR_ALLOC, + NDR_ERR_RANGE }; /* -- cgit