The Samba-Bugzilla – Attachment 898 Details for
Bug 2211
Incorrect parsing of security descriptor sent from Windows NT
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
New proposed patch.
look (text/plain), 3.70 KB, created by
Jeremy Allison
on 2005-01-19 18:49:21 UTC
(
hide
)
Description:
New proposed patch.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2005-01-19 18:49:21 UTC
Size:
3.70 KB
patch
obsolete
>Index: rpc_parse/parse_sec.c >=================================================================== >--- rpc_parse/parse_sec.c (revision 4864) >+++ rpc_parse/parse_sec.c (working copy) >@@ -3,7 +3,7 @@ > * Version 1.9. > * RPC Pipe client / server routines > * Copyright (C) Andrew Tridgell 1992-1998, >- * Copyright (C) Jeremy R. Allison 1995-2003. >+ * Copyright (C) Jeremy R. Allison 1995-2005. > * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, > * Copyright (C) Paul Ashton 1997-1998. > * >@@ -94,8 +94,24 @@ > return False; > } > >+ /* Theorectically an ACE can have a size greater than the >+ sum of its components. When marshalling, pad with extra null bytes up to the >+ correct size. */ >+ >+ if (MARSHALLING(ps) && (psa->size > prs_offset(ps) - old_offset)) { >+ uint32 extra_len = psa->size - (prs_offset(ps) - old_offset); >+ uint32 i; >+ uint8 c = 0; >+ >+ for (i = 0; i < extra_len; i++) { >+ if (prs_uint8("ace extra space", ps, depth, &c)) >+ return False; >+ } >+ } >+ > if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset)) > return False; >+ > return True; > } > >@@ -165,6 +181,20 @@ > return False; > } > >+ /* Theorectically an ACL can have a size greater than the >+ sum of its components. When marshalling, pad with extra null bytes up to the >+ correct size. */ >+ >+ if (MARSHALLING(ps) && (psa->size > prs_offset(ps) - old_offset)) { >+ uint32 extra_len = psa->size - (prs_offset(ps) - old_offset); >+ uint8 c = 0; >+ >+ for (i = 0; i < extra_len; i++) { >+ if (prs_uint8("acl extra space", ps, depth, &c)) >+ return False; >+ } >+ } >+ > if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset)) > return False; > >@@ -181,7 +211,7 @@ > uint32 old_offset; > uint32 max_offset = 0; /* after we're done, move offset to end */ > uint32 tmp_offset = 0; >- >+ > SEC_DESC *psd; > > if (ppsd == NULL) >@@ -203,16 +233,6 @@ > prs_debug(ps, depth, desc, "sec_io_desc"); > depth++; > >-#if 0 >- /* >- * if alignment is needed, should be done by the the >- * caller. Not here. This caused me problems when marshalling >- * printer info into a buffer. --jerry >- */ >- if(!prs_align(ps)) >- return False; >-#endif >- > /* start of security descriptor stored for back-calc offset purposes */ > old_offset = prs_offset(ps); > >@@ -222,6 +242,42 @@ > if(!prs_uint16("type ", ps, depth, &psd->type)) > return False; > >+ if (MARSHALLING(ps)) { >+ uint32 offset = SEC_DESC_HEADER_SIZE; >+ >+ /* >+ * Work out the offsets here, as we write it out. >+ */ >+ >+ if (psd->sacl != NULL) { >+ psd->off_sacl = offset; >+ offset += psd->sacl->size; >+ } else { >+ psd->off_sacl = 0; >+ } >+ >+ if (psd->dacl != NULL) { >+ psd->off_dacl = offset; >+ offset += psd->dacl->size; >+ } else { >+ psd->off_dacl = 0; >+ } >+ >+ if (psd->owner_sid != NULL) { >+ psd->off_owner_sid = offset; >+ offset += sid_size(psd->owner_sid); >+ } else { >+ psd->off_owner_sid = 0; >+ } >+ >+ if (psd->grp_sid != NULL) { >+ psd->off_grp_sid = offset; >+ offset += sid_size(psd->grp_sid); >+ } else { >+ psd->off_grp_sid = 0; >+ } >+ } >+ > if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid)) > return False; > >@@ -289,7 +345,6 @@ > return False; > } > >- > if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { > tmp_offset = prs_offset(ps); > if(!prs_set_offset(ps, old_offset + psd->off_dacl)) >@@ -303,6 +358,7 @@ > > if(!prs_set_offset(ps, max_offset)) > return False; >+ > return True; > } >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 2211
:
879
|
892
| 898