Unix SMB/CIFS implementation.
simple kerberos5/SPNEGO routines
Copyright (C) Andrew Tridgell 2001
- Copyright (C) Jim McDonough 2002
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
Copyright (C) Andrew Bartlett 2002-2003
This program is free software; you can redistribute it and/or modify
format specifiers are:
U = unicode string (input is unix string)
- a = address (input is BOOL unicode, char *unix_string)
+ a = address (input is char *unix_string)
(1 byte type, 1 byte length, unicode/ASCII string, all inline)
A = ASCII string (input is unix string)
B = data blob (pointer + length)
uint8 *b;
int head_size=0, data_size=0;
int head_ofs, data_ofs;
- BOOL unicode;
/* first scan the format to work out the header and body size */
va_start(ap, format);
data_size += str_ascii_charnum(s);
break;
case 'a':
- unicode = va_arg(ap, BOOL);
n = va_arg(ap, int);
s = va_arg(ap, char *);
- if (unicode) {
- data_size += (str_charnum(s) * 2) + 4;
- } else {
- data_size += (str_ascii_charnum(s)) + 4;
- }
+ data_size += (str_charnum(s) * 2) + 4;
break;
case 'B':
b = va_arg(ap, uint8 *);
data_ofs += n;
break;
case 'a':
- unicode = va_arg(ap, BOOL);
n = va_arg(ap, int);
SSVAL(blob->data, data_ofs, n); data_ofs += 2;
s = va_arg(ap, char *);
- if (unicode) {
- n = str_charnum(s);
- SSVAL(blob->data, data_ofs, n*2); data_ofs += 2;
- if (0 < n) {
- push_string(NULL, blob->data+data_ofs, s, n*2,
- STR_UNICODE|STR_NOALIGN);
- }
- data_ofs += n*2;
- } else {
- n = str_ascii_charnum(s);
- SSVAL(blob->data, data_ofs, n); data_ofs += 2;
- if (0 < n) {
- push_string(NULL, blob->data+data_ofs, s, n,
- STR_ASCII|STR_NOALIGN);
- }
- data_ofs += n;
+ n = str_charnum(s);
+ SSVAL(blob->data, data_ofs, n*2); data_ofs += 2;
+ if (0 < n) {
+ push_string(NULL, blob->data+data_ofs, s, n*2,
+ STR_UNICODE|STR_NOALIGN);
}
+ data_ofs += n*2;
break;
case 'B':
SSVAL(blob->data, head_ofs, n); head_ofs += 2;
SSVAL(blob->data, head_ofs, n); head_ofs += 2;
SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
- memcpy(blob->data+data_ofs, b, n);
+ if (n && b) /* don't follow null pointers... */
+ memcpy(blob->data+data_ofs, b, n);
data_ofs += n;
break;
case 'd':
*ps = smb_xstrdup("");
} else {
/* make sure its in the right format - be strict */
- if (len1 != len2 || ptr + len1 > blob->length) {
+ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
return False;
}
if (len1 & 1) {
/* if odd length and unicode */
return False;
}
-
+ if (blob->data + ptr < (uint8 *)(unsigned long)ptr || blob->data + ptr < blob->data)
+ return False;
+
if (0 < len1) {
pull_string(NULL, p, blob->data + ptr, sizeof(p),
len1,
if (len1 == 0 && len2 == 0) {
*ps = smb_xstrdup("");
} else {
- if (len1 != len2 || ptr + len1 > blob->length) {
+ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
return False;
}
-
+
+ if (blob->data + ptr < (uint8 *)(unsigned long)ptr || blob->data + ptr < blob->data)
+ return False;
+
if (0 < len1) {
pull_string(NULL, p, blob->data + ptr, sizeof(p),
len1,
b = (DATA_BLOB *)va_arg(ap, void *);
if (len1 == 0 && len2 == 0) {
- *b = data_blob(NULL, 0);
+ *b = data_blob_null;
} else {
/* make sure its in the right format - be strict */
- if (len1 != len2 || ptr + len1 > blob->length) {
+ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
return False;
}
+
+ if (blob->data + ptr < (uint8 *)(unsigned long)ptr || blob->data + ptr < blob->data)
+ return False;
+
*b = data_blob(blob->data + ptr, len1);
}
break;
len1 = va_arg(ap, unsigned);
/* make sure its in the right format - be strict */
NEED_DATA(len1);
+ if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data)
+ return False;
+
*b = data_blob(blob->data + head_ofs, len1);
head_ofs += len1;
break;
break;
case 'C':
s = va_arg(ap, char *);
+
+ if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data)
+ return False;
+
head_ofs += pull_string(NULL, p, blob->data+head_ofs, sizeof(p),
blob->length - head_ofs,
STR_ASCII|STR_TERMINATE);
return True;
}
-