Changeset 745 for trunk/server/libcli/auth/msrpc_parse.c

Timestamp:

Nov 27, 2012, 4:43:17 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.0

Location:

trunk/server

Files:

• . (modified) (1 prop)
• libcli/auth/msrpc_parse.c (modified) (11 diffs)

trunk/server/libcli/auth/msrpc_parse.c

@@ -41 +41 @@
   C = constant ascii string
  */
-bool msrpc_gen(TALLOC_CTX *mem_ctx, 
+NTSTATUS msrpc_gen(TALLOC_CTX *mem_ctx, 
                DATA_BLOB *blob,
                const char *format, ...)
@@ -58 +58 @@
 
         pointers = talloc_array(mem_ctx, DATA_BLOB, strlen(format));
+        if (!pointers) {
+                return NT_STATUS_NO_MEMORY;
+        }
         intargs = talloc_array(pointers, int, strlen(format));
+        if (!intargs) {
+                return NT_STATUS_NO_MEMORY;
+        }
 
         /* first scan the format to work out the header and body size */
@@ -73 +79 @@
                         if (!ret) {
                                 va_end(ap);
-                                return false;
+                                return map_nt_error_from_unix(errno);
                         }
                         pointers[i].length = n;
@@ -87 +93 @@
                         if (!ret) {
                                 va_end(ap);
-                                return false;
+                                return map_nt_error_from_unix(errno);
                         }
                         pointers[i].length = n;
@@ -103 +109 @@
                         if (!ret) {
                                 va_end(ap);
-                                return false;
+                                return map_nt_error_from_unix(errno);
                         }
                         pointers[i].length = n;
@@ -133 +139 @@
                         head_size += pointers[i].length;
                         break;
+                default:
+                        va_end(ap);
+                        return NT_STATUS_INVALID_PARAMETER;
                 }
         }
         va_end(ap);
+
+        if (head_size + data_size == 0) {
+                return NT_STATUS_INVALID_PARAMETER;
+        }
 
         /* allocate the space, then scan the format again to fill in the values */
         *blob = data_blob_talloc(mem_ctx, NULL, head_size + data_size);
-
+        if (!blob->data) {
+                return NT_STATUS_NO_MEMORY;
+        }
         head_ofs = 0;
         data_ofs = head_size;
@@ -175 +190 @@
                 case 'b':
                         n = pointers[i].length;
-                        memcpy(blob->data + head_ofs, pointers[i].data, n);
+                        if (pointers[i].data && n) {
+                                /* don't follow null pointers... */
+                                memcpy(blob->data + head_ofs, pointers[i].data, n);
+                        }
                         head_ofs += n;
                         break;
@@ -183 +201 @@
                         head_ofs += n;
                         break;
+                default:
+                        va_end(ap);
+                        return NT_STATUS_INVALID_PARAMETER;
                 }
         }
@@ -189 +210 @@
         talloc_free(pointers);
 
-        return true;
+        return NT_STATUS_OK;
 }
 
@@ -229 +250 @@
         bool ret = true;
 
+        if (!p) {
+                return false;
+        }
+
         va_start(ap, format);
         for (i=0; format[i]; i++) {
@@ -334 +359 @@
                 case 'b':
                         b = (DATA_BLOB *)va_arg(ap, void *);
-                        len1 = va_arg(ap, uint_t);
+                        len1 = va_arg(ap, unsigned int);
                         /* make sure its in the right format - be strict */
                         NEED_DATA(len1);