pidl: Add recursive depth checks.
authorGary Lockyer <gary@catalyst.net.nz>
Wed, 29 Jan 2020 19:51:47 +0000 (08:51 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 27 Feb 2020 01:02:32 +0000 (01:02 +0000)
Add a new parameter "max_recursion" to elements, and modify pidl to call
NDR_RECURSION_CHECK and NDR_RECURSION_UNWIND for elements tagged with
that attribute.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19820
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
pidl/lib/Parse/Pidl/NDR.pm
pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm

index 44338a1298d8ef352d52d87e0003c02f7578dff7..d17d0b404ed0e3122bbef5129597c4b6a3a4bf86 100644 (file)
@@ -1101,6 +1101,7 @@ my %property_list = (
        "gensize"               => ["TYPEDEF", "STRUCT", "UNION"],
        "value"                 => ["ELEMENT"],
        "flag"                  => ["ELEMENT", "TYPEDEF", "STRUCT", "UNION", "ENUM", "BITMAP", "PIPE"],
+       "max_recursion"         => ["ELEMENT"],
 
        # generic
        "public"                => ["FUNCTION", "TYPEDEF", "STRUCT", "UNION", "ENUM", "BITMAP", "PIPE"],
index 0d58cb5f03d5c6a4f048dd215c5770df2e6e1d83..119590f669691eea1056f098f17656d49c43c2b2 100644 (file)
@@ -993,7 +993,14 @@ sub ParseDataPull($$$$$$$)
 
                $var_name = get_pointer_to($var_name);
 
+               if (my $depth = has_property($e, "max_recursion")) {
+                       my $d = parse_int($depth);
+                       $self->pidl("NDR_RECURSION_CHECK($ndr, $d);");
+               }
                $self->pidl("NDR_CHECK(".TypeFunctionName("ndr_pull", $l->{DATA_TYPE})."($ndr, $ndr_flags, $var_name));");
+               if (has_property($e, "max_recursion")) {
+                       $self->pidl("NDR_RECURSION_UNWIND($ndr);");
+               }
 
                my $pl = GetPrevLevel($e, $l);
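Review bot: The recursion guard added to ParseDataPull fails open, because `if (my $depth = has_property($e, "max_recursion"))` is a truth test rather than a presence test. An element tagged with a zero or empty value therefore gets neither NDR_RECURSION_CHECK nor a diagnostic, and whatever parse_int returns is pasted into the generated C without confirming it is a positive integer. I would look the property up once with `my $depth = has_property($e, "max_recursion");`, branch on `defined $depth` (assuming has_property returns undef for an absent property), and abort generation unless `parse_int($depth) =~ /^[1-9][0-9]*$/`, reusing that result for the UNWIND branch so the two emissions cannot disagree. A comment should also record whether NDR_RECURSION_UNWIND is meant to be skipped when NDR_CHECK returns early on a pull error; the macro bodies are not visible here, so it is an assumption that this leaves the depth counter raised on that path. ParseDataPull starts before and continues past this hunk.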