The Samba-Bugzilla – Attachment 15690 Details for
Bug 14219
[FUZZING] Heap-buffer-overflow in ndr_string_length()
[patch]
patch for master
ndr_string_length2.patch (text/plain), 28.06 KB, created by
Andreas Schneider
on 2019-12-16 15:58:30 UTC
Description:
patch for master
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2019-12-16 15:58:30 UTC
Size:
28.06 KB
patch
obsolete
>From d8a4741751c415986ec3778684a721a98146eba9 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Mon, 16 Dec 2019 15:50:17 +0100
>Subject: [PATCH 1/4] librpc: Add ndr_string_length2()
>
>Pair-Programmed-With: Guenther Deschner <gd@samba.org>
>Signed-off-by: Guenther Deschner <gd@samba.org>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>---
> librpc/ABI/ndr-1.1.0.sigs | 264 ++++++++++++++++++++++++++++++++++++++
> librpc/ndr/libndr.h | 19 +++
> librpc/ndr/ndr_string.c | 27 ++++
> librpc/wscript_build | 2 +-
> 4 files changed, 311 insertions(+), 1 deletion(-)
> create mode 100644 librpc/ABI/ndr-1.1.0.sigs
>
>diff --git a/librpc/ABI/ndr-1.1.0.sigs b/librpc/ABI/ndr-1.1.0.sigs
>new file mode 100644
>index 00000000000..bebe8f39844
>--- /dev/null
>+++ b/librpc/ABI/ndr-1.1.0.sigs
>@@ -0,0 +1,264 @@ >+GUID_all_zero: bool (const struct GUID *) >+GUID_buf_string: char *(const struct GUID *, struct GUID_txt_buf *) >+GUID_compare: int (const struct GUID *, const struct GUID *) >+GUID_equal: bool (const struct GUID *, const struct GUID *) >+GUID_from_data_blob: NTSTATUS (const DATA_BLOB *, struct GUID *) >+GUID_from_ndr_blob: NTSTATUS (const DATA_BLOB *, struct GUID *) >+GUID_from_string: NTSTATUS (const char *, struct GUID *) >+GUID_hexstring: char *(TALLOC_CTX *, const struct GUID *) >+GUID_random: struct GUID (void) >+GUID_string: char *(TALLOC_CTX *, const struct GUID *) >+GUID_string2: char *(TALLOC_CTX *, const struct GUID *) >+GUID_to_ndr_blob: NTSTATUS (const struct GUID *, TALLOC_CTX *, DATA_BLOB *) >+GUID_zero: struct GUID (void) >+_ndr_pull_error: enum ndr_err_code (struct ndr_pull *, enum ndr_err_code, const char *, const char *, const char *, ...) >+_ndr_push_error: enum ndr_err_code (struct ndr_push *, enum ndr_err_code, const char *, const char *, const char *, ...) 
>+ndr_align_size: size_t (uint32_t, size_t) >+ndr_charset_length: uint32_t (const void *, charset_t) >+ndr_check_array_length: enum ndr_err_code (struct ndr_pull *, void *, uint32_t) >+ndr_check_array_size: enum ndr_err_code (struct ndr_pull *, void *, uint32_t) >+ndr_check_padding: void (struct ndr_pull *, size_t) >+ndr_check_pipe_chunk_trailer: enum ndr_err_code (struct ndr_pull *, int, uint32_t) >+ndr_check_string_terminator: enum ndr_err_code (struct ndr_pull *, uint32_t, uint32_t) >+ndr_get_array_length: uint32_t (struct ndr_pull *, const void *) >+ndr_get_array_size: uint32_t (struct ndr_pull *, const void *) >+ndr_map_error2errno: int (enum ndr_err_code) >+ndr_map_error2ntstatus: NTSTATUS (enum ndr_err_code) >+ndr_map_error2string: const char *(enum ndr_err_code) >+ndr_policy_handle_empty: bool (const struct policy_handle *) >+ndr_policy_handle_equal: bool (const struct policy_handle *, const struct policy_handle *) >+ndr_print_DATA_BLOB: void (struct ndr_print *, const char *, DATA_BLOB) >+ndr_print_GUID: void (struct ndr_print *, const char *, const struct GUID *) >+ndr_print_HRESULT: void (struct ndr_print *, const char *, HRESULT) >+ndr_print_KRB5_EDATA_NTSTATUS: void (struct ndr_print *, const char *, const struct KRB5_EDATA_NTSTATUS *) >+ndr_print_NTSTATUS: void (struct ndr_print *, const char *, NTSTATUS) >+ndr_print_NTTIME: void (struct ndr_print *, const char *, NTTIME) >+ndr_print_NTTIME_1sec: void (struct ndr_print *, const char *, NTTIME) >+ndr_print_NTTIME_hyper: void (struct ndr_print *, const char *, NTTIME) >+ndr_print_WERROR: void (struct ndr_print *, const char *, WERROR) >+ndr_print_array_uint8: void (struct ndr_print *, const char *, const uint8_t *, uint32_t) >+ndr_print_bad_level: void (struct ndr_print *, const char *, uint16_t) >+ndr_print_bitmap_flag: void (struct ndr_print *, size_t, const char *, uint32_t, uint32_t) >+ndr_print_bool: void (struct ndr_print *, const char *, const bool) >+ndr_print_debug: void (ndr_print_fn_t, const 
char *, void *) >+ndr_print_debug_helper: void (struct ndr_print *, const char *, ...) >+ndr_print_debugc: void (int, ndr_print_fn_t, const char *, void *) >+ndr_print_debugc_helper: void (struct ndr_print *, const char *, ...) >+ndr_print_dlong: void (struct ndr_print *, const char *, int64_t) >+ndr_print_double: void (struct ndr_print *, const char *, double) >+ndr_print_enum: void (struct ndr_print *, const char *, const char *, const char *, uint32_t) >+ndr_print_function_debug: void (ndr_print_function_t, const char *, int, void *) >+ndr_print_function_string: char *(TALLOC_CTX *, ndr_print_function_t, const char *, int, void *) >+ndr_print_gid_t: void (struct ndr_print *, const char *, gid_t) >+ndr_print_hyper: void (struct ndr_print *, const char *, uint64_t) >+ndr_print_int16: void (struct ndr_print *, const char *, int16_t) >+ndr_print_int32: void (struct ndr_print *, const char *, int32_t) >+ndr_print_int3264: void (struct ndr_print *, const char *, int32_t) >+ndr_print_int8: void (struct ndr_print *, const char *, int8_t) >+ndr_print_ipv4address: void (struct ndr_print *, const char *, const char *) >+ndr_print_ipv6address: void (struct ndr_print *, const char *, const char *) >+ndr_print_ndr_syntax_id: void (struct ndr_print *, const char *, const struct ndr_syntax_id *) >+ndr_print_netr_SamDatabaseID: void (struct ndr_print *, const char *, enum netr_SamDatabaseID) >+ndr_print_netr_SchannelType: void (struct ndr_print *, const char *, enum netr_SchannelType) >+ndr_print_null: void (struct ndr_print *) >+ndr_print_pointer: void (struct ndr_print *, const char *, void *) >+ndr_print_policy_handle: void (struct ndr_print *, const char *, const struct policy_handle *) >+ndr_print_printf_helper: void (struct ndr_print *, const char *, ...) 
>+ndr_print_ptr: void (struct ndr_print *, const char *, const void *) >+ndr_print_set_switch_value: enum ndr_err_code (struct ndr_print *, const void *, uint32_t) >+ndr_print_sockaddr_storage: void (struct ndr_print *, const char *, const struct sockaddr_storage *) >+ndr_print_steal_switch_value: uint32_t (struct ndr_print *, const void *) >+ndr_print_string: void (struct ndr_print *, const char *, const char *) >+ndr_print_string_array: void (struct ndr_print *, const char *, const char **) >+ndr_print_string_helper: void (struct ndr_print *, const char *, ...) >+ndr_print_struct: void (struct ndr_print *, const char *, const char *) >+ndr_print_struct_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, void *) >+ndr_print_svcctl_ServerType: void (struct ndr_print *, const char *, uint32_t) >+ndr_print_time_t: void (struct ndr_print *, const char *, time_t) >+ndr_print_timespec: void (struct ndr_print *, const char *, const struct timespec *) >+ndr_print_timeval: void (struct ndr_print *, const char *, const struct timeval *) >+ndr_print_udlong: void (struct ndr_print *, const char *, uint64_t) >+ndr_print_udlongr: void (struct ndr_print *, const char *, uint64_t) >+ndr_print_uid_t: void (struct ndr_print *, const char *, uid_t) >+ndr_print_uint16: void (struct ndr_print *, const char *, uint16_t) >+ndr_print_uint32: void (struct ndr_print *, const char *, uint32_t) >+ndr_print_uint3264: void (struct ndr_print *, const char *, uint32_t) >+ndr_print_uint8: void (struct ndr_print *, const char *, uint8_t) >+ndr_print_union: void (struct ndr_print *, const char *, int, const char *) >+ndr_print_union_debug: void (ndr_print_fn_t, const char *, uint32_t, void *) >+ndr_print_union_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, uint32_t, void *) >+ndr_print_winreg_Data: void (struct ndr_print *, const char *, const union winreg_Data *) >+ndr_print_winreg_Data_GPO: void (struct ndr_print *, const char *, const union winreg_Data_GPO *) 
>+ndr_print_winreg_Type: void (struct ndr_print *, const char *, enum winreg_Type) >+ndr_pull_DATA_BLOB: enum ndr_err_code (struct ndr_pull *, int, DATA_BLOB *) >+ndr_pull_GUID: enum ndr_err_code (struct ndr_pull *, int, struct GUID *) >+ndr_pull_HRESULT: enum ndr_err_code (struct ndr_pull *, int, HRESULT *) >+ndr_pull_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, struct KRB5_EDATA_NTSTATUS *) >+ndr_pull_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, NTSTATUS *) >+ndr_pull_NTTIME: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) >+ndr_pull_NTTIME_1sec: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) >+ndr_pull_NTTIME_hyper: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) >+ndr_pull_WERROR: enum ndr_err_code (struct ndr_pull *, int, WERROR *) >+ndr_pull_advance: enum ndr_err_code (struct ndr_pull *, uint32_t) >+ndr_pull_align: enum ndr_err_code (struct ndr_pull *, size_t) >+ndr_pull_append: enum ndr_err_code (struct ndr_pull *, DATA_BLOB *) >+ndr_pull_array_length: enum ndr_err_code (struct ndr_pull *, const void *) >+ndr_pull_array_size: enum ndr_err_code (struct ndr_pull *, const void *) >+ndr_pull_array_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *, uint32_t) >+ndr_pull_bytes: enum ndr_err_code (struct ndr_pull *, uint8_t *, uint32_t) >+ndr_pull_charset: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t) >+ndr_pull_charset_to_null: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t) >+ndr_pull_dlong: enum ndr_err_code (struct ndr_pull *, int, int64_t *) >+ndr_pull_double: enum ndr_err_code (struct ndr_pull *, int, double *) >+ndr_pull_enum_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) >+ndr_pull_enum_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) >+ndr_pull_enum_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) >+ndr_pull_enum_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *) 
>+ndr_pull_generic_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *) >+ndr_pull_get_relative_base_offset: uint32_t (struct ndr_pull *) >+ndr_pull_gid_t: enum ndr_err_code (struct ndr_pull *, int, gid_t *) >+ndr_pull_hyper: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) >+ndr_pull_init_blob: struct ndr_pull *(const DATA_BLOB *, TALLOC_CTX *) >+ndr_pull_int16: enum ndr_err_code (struct ndr_pull *, int, int16_t *) >+ndr_pull_int32: enum ndr_err_code (struct ndr_pull *, int, int32_t *) >+ndr_pull_int8: enum ndr_err_code (struct ndr_pull *, int, int8_t *) >+ndr_pull_ipv4address: enum ndr_err_code (struct ndr_pull *, int, const char **) >+ndr_pull_ipv6address: enum ndr_err_code (struct ndr_pull *, int, const char **) >+ndr_pull_ndr_syntax_id: enum ndr_err_code (struct ndr_pull *, int, struct ndr_syntax_id *) >+ndr_pull_netr_SamDatabaseID: enum ndr_err_code (struct ndr_pull *, int, enum netr_SamDatabaseID *) >+ndr_pull_netr_SchannelType: enum ndr_err_code (struct ndr_pull *, int, enum netr_SchannelType *) >+ndr_pull_pointer: enum ndr_err_code (struct ndr_pull *, int, void **) >+ndr_pull_policy_handle: enum ndr_err_code (struct ndr_pull *, int, struct policy_handle *) >+ndr_pull_pop: enum ndr_err_code (struct ndr_pull *) >+ndr_pull_ref_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *) >+ndr_pull_relative_ptr1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) >+ndr_pull_relative_ptr2: enum ndr_err_code (struct ndr_pull *, const void *) >+ndr_pull_relative_ptr_short: enum ndr_err_code (struct ndr_pull *, uint16_t *) >+ndr_pull_restore_relative_base_offset: void (struct ndr_pull *, uint32_t) >+ndr_pull_set_switch_value: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) >+ndr_pull_setup_relative_base_offset1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) >+ndr_pull_setup_relative_base_offset2: enum ndr_err_code (struct ndr_pull *, const void *) >+ndr_pull_steal_switch_value: enum ndr_err_code (struct ndr_pull *, const 
void *, uint32_t *) >+ndr_pull_string: enum ndr_err_code (struct ndr_pull *, int, const char **) >+ndr_pull_string_array: enum ndr_err_code (struct ndr_pull *, int, const char ***) >+ndr_pull_struct_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t) >+ndr_pull_struct_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t) >+ndr_pull_struct_blob_all_noalloc: enum ndr_err_code (const DATA_BLOB *, void *, ndr_pull_flags_fn_t) >+ndr_pull_subcontext_end: enum ndr_err_code (struct ndr_pull *, struct ndr_pull *, size_t, ssize_t) >+ndr_pull_subcontext_start: enum ndr_err_code (struct ndr_pull *, struct ndr_pull **, size_t, ssize_t) >+ndr_pull_svcctl_ServerType: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) >+ndr_pull_time_t: enum ndr_err_code (struct ndr_pull *, int, time_t *) >+ndr_pull_timespec: enum ndr_err_code (struct ndr_pull *, int, struct timespec *) >+ndr_pull_timeval: enum ndr_err_code (struct ndr_pull *, int, struct timeval *) >+ndr_pull_trailer_align: enum ndr_err_code (struct ndr_pull *, size_t) >+ndr_pull_udlong: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) >+ndr_pull_udlongr: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) >+ndr_pull_uid_t: enum ndr_err_code (struct ndr_pull *, int, uid_t *) >+ndr_pull_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) >+ndr_pull_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) >+ndr_pull_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) >+ndr_pull_uint3264: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) >+ndr_pull_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *) >+ndr_pull_union_align: enum ndr_err_code (struct ndr_pull *, size_t) >+ndr_pull_union_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t) >+ndr_pull_union_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t) 
>+ndr_pull_winreg_Data: enum ndr_err_code (struct ndr_pull *, int, union winreg_Data *) >+ndr_pull_winreg_Data_GPO: enum ndr_err_code (struct ndr_pull *, int, union winreg_Data_GPO *) >+ndr_pull_winreg_Type: enum ndr_err_code (struct ndr_pull *, int, enum winreg_Type *) >+ndr_push_DATA_BLOB: enum ndr_err_code (struct ndr_push *, int, DATA_BLOB) >+ndr_push_GUID: enum ndr_err_code (struct ndr_push *, int, const struct GUID *) >+ndr_push_HRESULT: enum ndr_err_code (struct ndr_push *, int, HRESULT) >+ndr_push_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, const struct KRB5_EDATA_NTSTATUS *) >+ndr_push_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, NTSTATUS) >+ndr_push_NTTIME: enum ndr_err_code (struct ndr_push *, int, NTTIME) >+ndr_push_NTTIME_1sec: enum ndr_err_code (struct ndr_push *, int, NTTIME) >+ndr_push_NTTIME_hyper: enum ndr_err_code (struct ndr_push *, int, NTTIME) >+ndr_push_WERROR: enum ndr_err_code (struct ndr_push *, int, WERROR) >+ndr_push_align: enum ndr_err_code (struct ndr_push *, size_t) >+ndr_push_array_uint8: enum ndr_err_code (struct ndr_push *, int, const uint8_t *, uint32_t) >+ndr_push_blob: DATA_BLOB (struct ndr_push *) >+ndr_push_bytes: enum ndr_err_code (struct ndr_push *, const uint8_t *, uint32_t) >+ndr_push_charset: enum ndr_err_code (struct ndr_push *, int, const char *, uint32_t, uint8_t, charset_t) >+ndr_push_charset_to_null: enum ndr_err_code (struct ndr_push *, int, const char *, uint32_t, uint8_t, charset_t) >+ndr_push_dlong: enum ndr_err_code (struct ndr_push *, int, int64_t) >+ndr_push_double: enum ndr_err_code (struct ndr_push *, int, double) >+ndr_push_enum_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t) >+ndr_push_enum_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t) >+ndr_push_enum_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t) >+ndr_push_enum_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t) >+ndr_push_expand: enum ndr_err_code (struct ndr_push *, 
uint32_t) >+ndr_push_full_ptr: enum ndr_err_code (struct ndr_push *, const void *) >+ndr_push_get_relative_base_offset: uint32_t (struct ndr_push *) >+ndr_push_gid_t: enum ndr_err_code (struct ndr_push *, int, gid_t) >+ndr_push_hyper: enum ndr_err_code (struct ndr_push *, int, uint64_t) >+ndr_push_init_ctx: struct ndr_push *(TALLOC_CTX *) >+ndr_push_int16: enum ndr_err_code (struct ndr_push *, int, int16_t) >+ndr_push_int32: enum ndr_err_code (struct ndr_push *, int, int32_t) >+ndr_push_int8: enum ndr_err_code (struct ndr_push *, int, int8_t) >+ndr_push_ipv4address: enum ndr_err_code (struct ndr_push *, int, const char *) >+ndr_push_ipv6address: enum ndr_err_code (struct ndr_push *, int, const char *) >+ndr_push_ndr_syntax_id: enum ndr_err_code (struct ndr_push *, int, const struct ndr_syntax_id *) >+ndr_push_netr_SamDatabaseID: enum ndr_err_code (struct ndr_push *, int, enum netr_SamDatabaseID) >+ndr_push_netr_SchannelType: enum ndr_err_code (struct ndr_push *, int, enum netr_SchannelType) >+ndr_push_pipe_chunk_trailer: enum ndr_err_code (struct ndr_push *, int, uint32_t) >+ndr_push_pointer: enum ndr_err_code (struct ndr_push *, int, void *) >+ndr_push_policy_handle: enum ndr_err_code (struct ndr_push *, int, const struct policy_handle *) >+ndr_push_ref_ptr: enum ndr_err_code (struct ndr_push *) >+ndr_push_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *) >+ndr_push_relative_ptr2_end: enum ndr_err_code (struct ndr_push *, const void *) >+ndr_push_relative_ptr2_start: enum ndr_err_code (struct ndr_push *, const void *) >+ndr_push_restore_relative_base_offset: void (struct ndr_push *, uint32_t) >+ndr_push_set_switch_value: enum ndr_err_code (struct ndr_push *, const void *, uint32_t) >+ndr_push_setup_relative_base_offset1: enum ndr_err_code (struct ndr_push *, const void *, uint32_t) >+ndr_push_setup_relative_base_offset2: enum ndr_err_code (struct ndr_push *, const void *) >+ndr_push_short_relative_ptr1: enum ndr_err_code (struct ndr_push *, const 
void *) >+ndr_push_short_relative_ptr2: enum ndr_err_code (struct ndr_push *, const void *) >+ndr_push_steal_switch_value: enum ndr_err_code (struct ndr_push *, const void *, uint32_t *) >+ndr_push_string: enum ndr_err_code (struct ndr_push *, int, const char *) >+ndr_push_string_array: enum ndr_err_code (struct ndr_push *, int, const char **) >+ndr_push_struct_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, const void *, ndr_push_flags_fn_t) >+ndr_push_struct_into_fixed_blob: enum ndr_err_code (DATA_BLOB *, const void *, ndr_push_flags_fn_t) >+ndr_push_subcontext_end: enum ndr_err_code (struct ndr_push *, struct ndr_push *, size_t, ssize_t) >+ndr_push_subcontext_start: enum ndr_err_code (struct ndr_push *, struct ndr_push **, size_t, ssize_t) >+ndr_push_svcctl_ServerType: enum ndr_err_code (struct ndr_push *, int, uint32_t) >+ndr_push_time_t: enum ndr_err_code (struct ndr_push *, int, time_t) >+ndr_push_timespec: enum ndr_err_code (struct ndr_push *, int, const struct timespec *) >+ndr_push_timeval: enum ndr_err_code (struct ndr_push *, int, const struct timeval *) >+ndr_push_trailer_align: enum ndr_err_code (struct ndr_push *, size_t) >+ndr_push_udlong: enum ndr_err_code (struct ndr_push *, int, uint64_t) >+ndr_push_udlongr: enum ndr_err_code (struct ndr_push *, int, uint64_t) >+ndr_push_uid_t: enum ndr_err_code (struct ndr_push *, int, uid_t) >+ndr_push_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t) >+ndr_push_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t) >+ndr_push_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t) >+ndr_push_uint3264: enum ndr_err_code (struct ndr_push *, int, uint32_t) >+ndr_push_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t) >+ndr_push_union_align: enum ndr_err_code (struct ndr_push *, size_t) >+ndr_push_union_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_push_flags_fn_t) >+ndr_push_unique_ptr: enum ndr_err_code (struct ndr_push *, const void *) 
>+ndr_push_winreg_Data: enum ndr_err_code (struct ndr_push *, int, const union winreg_Data *) >+ndr_push_winreg_Data_GPO: enum ndr_err_code (struct ndr_push *, int, const union winreg_Data_GPO *) >+ndr_push_winreg_Type: enum ndr_err_code (struct ndr_push *, int, enum winreg_Type) >+ndr_push_zero: enum ndr_err_code (struct ndr_push *, uint32_t) >+ndr_set_flags: void (uint32_t *, uint32_t) >+ndr_size_DATA_BLOB: uint32_t (int, const DATA_BLOB *, int) >+ndr_size_GUID: size_t (const struct GUID *, int) >+ndr_size_string: uint32_t (int, const char * const *, int) >+ndr_size_string_array: size_t (const char **, uint32_t, int) >+ndr_size_struct: size_t (const void *, int, ndr_push_flags_fn_t) >+ndr_size_union: size_t (const void *, int, uint32_t, ndr_push_flags_fn_t) >+ndr_size_winreg_Data_GPO: size_t (const union winreg_Data_GPO *, uint32_t, int) >+ndr_string_array_size: size_t (struct ndr_push *, const char *) >+ndr_string_length: uint32_t (const void *, uint32_t) >+ndr_string_length2: uint32_t (const void *, size_t, uint32_t) >+ndr_syntax_id_equal: bool (const struct ndr_syntax_id *, const struct ndr_syntax_id *) >+ndr_syntax_id_from_string: bool (const char *, struct ndr_syntax_id *) >+ndr_syntax_id_null: uuid = {time_low = 0, time_mid = 0, time_hi_and_version = 0, clock_seq = "\000", node = "\000\000\000\000\000"}, if_version = 0 >+ndr_syntax_id_to_string: char *(TALLOC_CTX *, const struct ndr_syntax_id *) >+ndr_token_peek: uint32_t (struct ndr_token_list *, const void *) >+ndr_token_retrieve: enum ndr_err_code (struct ndr_token_list *, const void *, uint32_t *) >+ndr_token_retrieve_cmp_fn: enum ndr_err_code (struct ndr_token_list *, const void *, uint32_t *, comparison_fn_t, bool) >+ndr_token_store: enum ndr_err_code (TALLOC_CTX *, struct ndr_token_list *, const void *, uint32_t) >+ndr_transfer_syntax_ndr: uuid = {time_low = 2324192516, time_mid = 7403, time_hi_and_version = 4553, clock_seq = "\237\350", node = "\b\000+\020H`"}, if_version = 2 
>+ndr_transfer_syntax_ndr64: uuid = {time_low = 1903232307, time_mid = 48826, time_hi_and_version = 18743, clock_seq = "\203\031", node = "\265\333\357\234\314\066"}, if_version = 1
>+ndr_zero_memory: void (void *, size_t)
>diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
>index 58ef517d363..0018f118e73 100644
>--- a/librpc/ndr/libndr.h
>+++ b/librpc/ndr/libndr.h
>@@ -723,6 +723,25 @@ enum ndr_err_code ndr_push_string_array(struct ndr_push *ndr, int ndr_flags, con
> void ndr_print_string_array(struct ndr_print *ndr, const char *name, const char **a);
> size_t ndr_size_string_array(const char **a, uint32_t count, int flags);
> uint32_t ndr_string_length(const void *_var, uint32_t element_size);
>+
>+/**
>+ * @brief Get the string length including the null terminator if available.
>+ *
>+ * This checks the string length based on the elements. The returned number
>+ * includes the terminating null byte(s) if found.
>+ *
>+ * @param[in] _var The string the calculate the length for.
>+ *
>+ * @param[in] length The length of the buffer passed by _var.
>+ *
>+ * @param[in] element_size The element_size of a string char in bytes.
>+ *
>+ * @return The length of the strings or 0.
>+ */
>+uint32_t ndr_string_length2(const void *_var,
>+ size_t length,
>+ uint32_t element_size);
>+
> enum ndr_err_code ndr_check_string_terminator(struct ndr_pull *ndr, uint32_t count, uint32_t element_size);
> enum ndr_err_code ndr_pull_charset(struct ndr_pull *ndr, int ndr_flags, const char **var, uint32_t length, uint8_t byte_mul, charset_t chset);
> enum ndr_err_code ndr_pull_charset_to_null(struct ndr_pull *ndr, int ndr_flags, const char **var, uint32_t length, uint8_t byte_mul, charset_t chset);
>diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
>index eb0af57a6ab..0a678355fbc 100644
>--- a/librpc/ndr/ndr_string.c
>+++ b/librpc/ndr/ndr_string.c
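Review bot: The doc comment added for `ndr_string_length2()` does not say whether `length` counts bytes or elements of `element_size`; "The length of the buffer passed by _var" reads as bytes, while the caller changed later in this series passes an element count. Since the function exists to bound a scan over wire data, the unit should be explicit, e.g. `@param[in] length The number of elements (not bytes) available in _var.` The `@return` line should also state that 0 is returned both for `element_size > 4` and for `length == 0`, because callers cannot tell the two apart. "The string the calculate" should read "The string to calculate".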
>@@ -560,6 +560,33 @@ _PUBLIC_ uint32_t ndr_string_length(const void *_var, uint32_t element_size)
> return i+1;
> }
>
>+_PUBLIC_ uint32_t ndr_string_length2(const void *_var,
>+ size_t length,
>+ uint32_t element_size)
>+{
>+ size_t i = 0;
>+ uint8_t zero[4] = {0,0,0,0};
>+ const char *var = (const char *)_var;
>+ int cmp;
>+
>+ if (element_size > 4) {
>+ return 0;
>+ }
>+
>+ for (i = 0; i < length; i++) {
>+ cmp = memcmp(var + i, zero, element_size);
>+ if (cmp == 0) {
>+ break;
>+ }
>+ }
>+
>+ if (i == length) {
>+ return length;
>+ }
>+
>+ return i + 1;
>+}
>+
> _PUBLIC_ enum ndr_err_code ndr_check_string_terminator(struct ndr_pull *ndr, uint32_t count, uint32_t element_size)
> {
> uint32_t i;
>diff --git a/librpc/wscript_build b/librpc/wscript_build
>index 50cbed7e824..ae3e7f3a7db 100644
>--- a/librpc/wscript_build
>+++ b/librpc/wscript_build
>@@ -638,7 +638,7 @@ bld.SAMBA_LIBRARY('ndr',
> public_deps='samba-errors talloc samba-util util_str_hex',
> public_headers='gen_ndr/misc.h gen_ndr/ndr_misc.h ndr/libndr.h:ndr.h',
> header_path= [('*gen_ndr*', 'gen_ndr')],
>- vnum='1.0.0',
>+ vnum='1.1.0',
> abi_directory='ABI',
> abi_match='!ndr_table_* ndr_* GUID_* _ndr_pull_error _ndr_push_error',
> )
>--
>2.24.0
>
>
>From 6b9768b69da6092348ff9884115d1ed7258347f1 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Mon, 16 Dec 2019 16:45:38 +0100
>Subject: [PATCH 2/4] librpc: Add test for ndr_string_length2()
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>---
> librpc/tests/test_ndr_string.c | 26 +++++++++++++++++++++++++-
> 1 file changed, 25 insertions(+), 1 deletion(-)
>
>diff --git a/librpc/tests/test_ndr_string.c b/librpc/tests/test_ndr_string.c
>index 6baa41bec31..e7233095bab 100644
>--- a/librpc/tests/test_ndr_string.c
>+++ b/librpc/tests/test_ndr_string.c
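Review bot: In `ndr_string_length2()` the scan uses `memcmp(var + i, zero, element_size)`, which advances one byte per iteration whatever `element_size` is. For 2- or 4-byte elements a terminator can then be matched at an unaligned offset that straddles two characters, and the result is counted in byte steps although the caller multiplies it by `byte_mul`; if `length` is instead meant in bytes, the last iterations read up to `element_size - 1` bytes past the buffer. Assuming `length` is an element count, index by element: `cmp = memcmp(var + (i * element_size), zero, element_size);`. `element_size == 0` makes `memcmp` report a match at once, and `return length;` narrows a `size_t` to `uint32_t` silently, so both cases deserve an explicit guard.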
>@@ -127,12 +127,36 @@ static void test_pull_string_len_2_nul_term(void **state)
>
> }
>
>+static void test_string_length2(void **state)
>+{
>+ char test_str1[5] = "Test";
>+ char test_str2[5] = {0};
>+ char test_str3[32] = "This is a test too";
>+ size_t len;
>+
>+ len = ndr_string_length2(test_str1, sizeof(test_str1), 1);
>+ assert_int_equal(len, 5);
>+
>+ len = ndr_string_length2(test_str1, sizeof(test_str1) - 1, 1);
>+ assert_int_equal(len, 4);
>+
>+ len = ndr_string_length2(test_str2, sizeof(test_str2), 1);
>+ assert_int_equal(len, 1);
>+
>+ len = ndr_string_length2(test_str3, sizeof(test_str3), 1);
>+ assert_int_equal(len, 19);
>+
>+ len = ndr_string_length2(test_str3, 0, 1);
>+ assert_int_equal(len, 0);
>+}
>+
> int main(int argc, const char **argv)
> {
> const struct CMUnitTest tests[] = {
> cmocka_unit_test(test_pull_string_zero_len_nul_term),
> cmocka_unit_test(test_pull_string_len_1_nul_term),
>- cmocka_unit_test(test_pull_string_len_2_nul_term)
>+ cmocka_unit_test(test_pull_string_len_2_nul_term),
>+ cmocka_unit_test(test_string_length2)
> };
>
> cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
>--
>2.24.0
>
>
>From 66e295ddf12db135255302e875a7295256064895 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Mon, 16 Dec 2019 16:02:02 +0100
>Subject: [PATCH 3/4] librpc: Use ndr_string_length2() in
> ndr_pull_charset_to_null()
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>---
> librpc/ndr/ndr_string.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
>diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
>index 0a678355fbc..b407f54aa2d 100644
>--- a/librpc/ndr/ndr_string.c
>+++ b/librpc/ndr/ndr_string.c
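Review bot: `test_string_length2()` calls the function only with `element_size` 1, so the multi-byte path (the real caller passes `byte_mul` as the element size) and the `element_size > 4` rejection are never exercised. Add a 2-byte case where data follows the terminator, for example `uint8_t u16[8] = {'A',0,'B',0,0,0,'C',0};` with `assert_int_equal(ndr_string_length2(u16, 4, 2), 3);`, and a rejection case such as `assert_int_equal(ndr_string_length2(test_str1, sizeof(test_str1), 5), 0);`. `len` could also be declared `uint32_t` to match the return type.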
>@@ -656,8 +656,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_charset_to_null(struct ndr_pull *ndr, int nd
>
> NDR_PULL_NEED_BYTES(ndr, length*byte_mul);
>
>- str_len = ndr_string_length(ndr->data+ndr->offset, byte_mul);
>- str_len = MIN(str_len, length); /* overrun protection */
>+ str_len = ndr_string_length2(ndr->data+ndr->offset,
>+ length,
>+ byte_mul);
>+ if (str_len == 0) {
>+ return ndr_pull_error(ndr,
>+ NDR_ERR_LENGTH,
>+ "Invalid string length");
>+ }
> if (!convert_string_talloc(ndr->current_mem_ctx, chset, CH_UNIX,
> ndr->data+ndr->offset, str_len*byte_mul,
> discard_const_p(void *, var),
>--
>2.24.0
>
>
>From 050a6afe4b49afdb27eb2b5f3604af492e8a0d1d Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Mon, 16 Dec 2019 15:51:45 +0100
>Subject: [PATCH 4/4] librpc: Mark ndr_string_legnth() as deprecated
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>---
> librpc/ndr/libndr.h | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
>diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
>index 0018f118e73..8a1ae0e5aa3 100644
>--- a/librpc/ndr/libndr.h
>+++ b/librpc/ndr/libndr.h
>@@ -36,6 +36,12 @@
> this provides definitions for the libcli/rpc/ MSRPC library
> */
>
>+#ifdef __GNUC__
>+#define NDR_DEPRECATED __attribute__ ((deprecated))
>+#else
>+#define NDR_DEPRECATED
>+#endif
>+
>
> /*
> We store the token mapping in an array that is resized as necessary.
>@@ -722,7 +728,6 @@ enum ndr_err_code ndr_pull_string_array(struct ndr_pull *ndr, int ndr_flags, con
> enum ndr_err_code ndr_push_string_array(struct ndr_push *ndr, int ndr_flags, const char **a);
> void ndr_print_string_array(struct ndr_print *ndr, const char *name, const char **a);
> size_t ndr_size_string_array(const char **a, uint32_t count, int flags);
>-uint32_t ndr_string_length(const void *_var, uint32_t element_size);
>
> /**
> * @brief Get the string length including the null terminator if available.
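Review bot: The new `if (str_len == 0)` check in `ndr_pull_charset_to_null()` also fires when `length` is 0, because `ndr_string_length2()` returns `length` when it finds no terminator. The removed code clamped with `MIN(str_len, length)` and went on to `convert_string_talloc()` with zero bytes, so a zero-length string, if any caller can pass one, now fails with `NDR_ERR_LENGTH` instead of decoding as empty. If that is not intended, limit the error to the invalid element size, e.g. `if (length != 0 && str_len == 0) {`, or validate `byte_mul` before the call. The function body starts and ends outside this hunk.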
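Review bot: `NDR_DEPRECATED` expands to a bare `__attribute__ ((deprecated))`, so the compiler warning will not tell callers of `ndr_string_length()` what to use instead or why. Judging by the bounded replacement added in this series, the old function is being retired because it scans with no length limit, and the warning should say so, e.g. `#define NDR_DEPRECATED(msg) __attribute__ ((deprecated(msg)))` used as `NDR_DEPRECATED("use ndr_string_length2()")`. The declaration that the `@@ -799,4 +804,6 @@` hunk moves to the end of the header has no comment either; `/* Deprecated: no bound on the scan, use ndr_string_length2() instead. */` above it would keep the reason next to the prototype.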
>@@ -799,4 +804,6 @@ _PUBLIC_ void ndr_print_timeval(struct ndr_print *ndr, const char *name,
>
>
>
>+NDR_DEPRECATED uint32_t ndr_string_length(const void *_var, uint32_t element_size);
>+
> #endif /* __LIBNDR_H__ */
>--
>2.24.0
>