*/
#include "includes.h"
-#include "pstring.h"
+#include "auth/ntlmssp/msrpc_parse.h"
/*
this is a tiny msrpc packet generator. I am only using this to
d = word (4 bytes)
C = constant ascii string
*/
-bool msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
+bool msrpc_gen(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *blob,
const char *format, ...)
{
int i;
return false; \
}
-/*
+/**
this is a tiny msrpc packet parser. This the the partner of msrpc_gen
format specifiers are:
C = constant ascii string
*/
-bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
+bool msrpc_parse(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *blob,
const char *format, ...)
{
int i;
uint16_t len1, len2;
uint32_t ptr;
uint32_t *v;
- pstring p;
+ size_t p_len = 1024;
+ char *p = talloc_array(mem_ctx, char, p_len);
+ bool ret = true;
va_start(ap, format);
for (i=0; format[i]; i++) {
} else {
/* make sure its in the right format - be strict */
if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
- return false;
+ ret = false;
+ goto cleanup;
}
if (len1 & 1) {
/* if odd length and unicode */
- return false;
+ ret = false;
+ goto cleanup;
+ }
+ if (blob->data + ptr < (uint8_t *)(uintptr_t)ptr ||
+ blob->data + ptr < blob->data) {
+ ret = false;
+ goto cleanup;
}
- if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
- return false;
if (0 < len1) {
- pull_string(p, blob->data + ptr, sizeof(p),
+ pull_string(p, blob->data + ptr, p_len,
len1, STR_UNICODE|STR_NOALIGN);
(*ps) = talloc_strdup(mem_ctx, p);
if (!(*ps)) {
- return false;
+ ret = false;
+ goto cleanup;
}
} else {
(*ps) = "";
*ps = "";
} else {
if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
- return false;
+ ret = false;
+ goto cleanup;
}
- if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
- return false;
+ if (blob->data + ptr < (uint8_t *)(uintptr_t)ptr ||
+ blob->data + ptr < blob->data) {
+ ret = false;
+ goto cleanup;
+ }
if (0 < len1) {
- pull_string(p, blob->data + ptr, sizeof(p),
+ pull_string(p, blob->data + ptr, p_len,
len1, STR_ASCII|STR_NOALIGN);
(*ps) = talloc_strdup(mem_ctx, p);
if (!(*ps)) {
- return false;
+ ret = false;
+ goto cleanup;
}
} else {
(*ps) = "";
} else {
/* make sure its in the right format - be strict */
if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
- return false;
+ ret = false;
+ goto cleanup;
+ }
+
+ if (blob->data + ptr < (uint8_t *)(uintptr_t)ptr ||
+ blob->data + ptr < blob->data) {
+ ret = false;
+ goto cleanup;
}
- if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
- return false;
-
*b = data_blob_talloc(mem_ctx, blob->data + ptr, len1);
}
break;
len1 = va_arg(ap, uint_t);
/* make sure its in the right format - be strict */
NEED_DATA(len1);
- if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
- return false;
-
+ if (blob->data + head_ofs < (uint8_t *)head_ofs ||
+ blob->data + head_ofs < blob->data) {
+ ret = false;
+ goto cleanup;
+ }
+
*b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1);
head_ofs += len1;
break;
case 'C':
s = va_arg(ap, char *);
- if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
- return false;
-
- head_ofs += pull_string(p, blob->data+head_ofs, sizeof(p),
- blob->length - head_ofs,
- STR_ASCII|STR_TERMINATE);
+ if (blob->data + head_ofs < (uint8_t *)head_ofs ||
+ blob->data + head_ofs < blob->data) {
+ ret = false;
+ goto cleanup;
+ }
+
+ head_ofs += pull_string(p,
+ blob->data+head_ofs, p_len,
+ blob->length - head_ofs,
+ STR_ASCII|STR_TERMINATE);
if (strcmp(s, p) != 0) {
- return false;
+ ret = false;
+ goto cleanup;
}
break;
}
}
- va_end(ap);
- return true;
+cleanup:
+ va_end(ap);
+ talloc_free(p);
+ return ret;
}