Author: tridge
Date: 2005-07-17 09:08:19 +0000 (Sun, 17 Jul 2005)
New Revision: 8518

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8518

Log:
ensure all constructed NDR packets are null terminated. This is needed
by the new ldb code dealing with binary records, but is also a good
defensive strategy in general


Modified:
   branches/SAMBA_4_0/source/librpc/ndr/ndr.c


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr.c
===================================================================
--- branches/SAMBA_4_0/source/librpc/ndr/ndr.c  2005-07-17 09:06:58 UTC (rev 
8517)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr.c  2005-07-17 09:08:19 UTC (rev 
8518)
@@ -165,13 +165,14 @@
 */
 NTSTATUS ndr_push_expand(struct ndr_push *ndr, uint32_t size)
 {
-       if (ndr->alloc_size >= size) {
+       if (ndr->alloc_size > size) {
+               ndr->data[size] = 0;
                return NT_STATUS_OK;
        }
 
        ndr->alloc_size += NDR_BASE_MARSHALL_SIZE;
-       if (size > ndr->alloc_size) {
-               ndr->alloc_size = size;
+       if (size+1 > ndr->alloc_size) {
+               ndr->alloc_size = size+1;
        }
        ndr->data = talloc_realloc(ndr, ndr->data, uint8_t, ndr->alloc_size);
        if (!ndr->data) {
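Review bot: The terminator is only stored on the early-return path (`ndr->data[size] = 0;`); on the growth path visible here nothing writes it after `talloc_realloc`, which does not zero the new memory. Unless the rest of `ndr_push_expand` below this hunk does so, the byte at `data[size]` is indeterminate whenever the final expand call had to grow the buffer. Adding `ndr->data[size] = 0;` after the allocation check would make both paths honour the guarantee stated in the log message. Separately, `size+1` is computed in `uint32_t` and wraps to 0 when `size` is `UINT32_MAX`, so `alloc_size` is then not raised to cover `size`; a guard such as `if (size + 1 < size)` returning an NDR error before the addition would close that case.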
@@ -346,7 +347,7 @@
                NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &content_size));
                if (size_is >= 0 && size_is != content_size) {
                        return ndr_pull_error(ndr, NDR_ERR_SUBCONTEXT, "Bad 
subcontext (PULL) size_is(%d) mismatch content_size %d", 
-                                               size_is, content_size);
+                                               (int)size_is, 
(int)content_size);
                }
                NDR_CHECK(ndr_pull_subcontext(ndr, ndr2, content_size));
                break;
@@ -357,14 +358,14 @@
                NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &content_size));
                if (size_is >= 0 && size_is != content_size) {
                        return ndr_pull_error(ndr, NDR_ERR_SUBCONTEXT, "Bad 
subcontext (PULL) size_is(%d) mismatch content_size %d", 
-                                               size_is, content_size);
+                                               (int)size_is, 
(int)content_size);
                }
                NDR_CHECK(ndr_pull_subcontext(ndr, ndr2, content_size));
                break;
        }
        default:
                return ndr_pull_error(ndr, NDR_ERR_SUBCONTEXT, "Bad subcontext 
(PULL) header_size %d", 
-                                     header_size);
+                                     (int)header_size);
        }
        return NT_STATUS_OK;
 }
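Review bot: Casting to `(int)` while keeping `%d` misreports large lengths. `content_size` is filled by `ndr_pull_uint32` just above, so it is presumably a `uint32_t` taken from the wire (its declaration is outside this hunk), and any value of 0x80000000 or more will print as a negative number in the "Bad subcontext (PULL)" message. For the unsigned operands, `%u` with `(unsigned int)content_size` would keep the diagnostic faithful to what the peer actually sent, which matters when these errors are used to triage malformed packets. The same applies to `(int)ndr2->offset` in the PUSH hunk that follows, if `offset` is an unsigned field. The enclosing function starts above this hunk.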
@@ -383,7 +384,7 @@
                        NDR_CHECK(ndr_push_zero(ndr2, padding_len));
                } else if (padding_len < 0) {
                        return ndr_push_error(ndr, NDR_ERR_SUBCONTEXT, "Bad 
subcontext (PUSH) content_size %d is larger than size_is(%d)",
-                                             ndr2->offset, size_is);
+                                             (int)ndr2->offset, (int)size_is);
                }
        }
 
@@ -401,7 +402,7 @@
 
        default:
                return ndr_push_error(ndr, NDR_ERR_SUBCONTEXT, "Bad subcontext 
header size %d", 
-                                     header_size);
+                                     (int)header_size);
        }
        return NT_STATUS_OK;
 }
