Move cli_trans_oob to lib/util.c

Rename it to trans_oob, it will be used in the server routines.

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 73be87b6fc38c249301f0a888d64e88a6e8685cc..71f12a684478c4bfd2c1426adc1a2132d925c6df 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1251,6 +1251,7 @@ char *procid_str_static(const struct server_id *pid);
 bool procid_valid(const struct server_id *pid);
 bool procid_is_local(const struct server_id *pid);
 int this_is_smp(void);
+bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length);
 bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off);
 char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
 char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);

diff --git a/source3/lib/util.c b/source3/lib/util.c
index 5007fb72ef8f38a9a912ab21c9fc8548c9e355e5..074b523ae0b8a320076629d7284ebfd0b9f366ff 100644 (file)
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2878,6 +2878,25 @@ int this_is_smp(void)
 #endif
 }
 
+/****************************************************************
+ Check if offset/length fit into bufsize. Should probably be
+ merged with is_offset_safe, but this would require a rewrite
+ of lanman.c. Later :-)
+****************************************************************/
+
+bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
+{
+       if ((offset + length < offset) || (offset + length < length)) {
+               /* wrap */
+               return true;
+       }
+       if ((offset > bufsize) || (offset + length > bufsize)) {
+               /* overflow */
+               return true;
+       }
+       return false;
+}
+
 /****************************************************************
  Check if an offset into a buffer is safe.
  If this returns True it's safe to indirect into the byte at

diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index c929f0b7a97b6f25c3a530f2cfb2b086d109d171..bbdfb75fcd1863d3d0e0aba3a53ff78c0064fa89 100644 (file)
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -978,19 +978,6 @@ static void cli_trans_ship_rest(struct async_req *req,
        }
 }
 
-static bool cli_trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
-{
-       if ((offset + length < offset) || (offset + length < length)) {
-               /* wrap */
-               return true;
-       }
-       if ((offset > bufsize) || (offset + length > bufsize)) {
-               /* overflow */
-               return true;
-       }
-       return false;
-}
-
 static NTSTATUS cli_pull_trans(struct async_req *req,
                               struct cli_request *cli_req,
                               uint8_t smb_cmd, bool expect_first_reply,
@@ -1072,10 +1059,10 @@ static NTSTATUS cli_pull_trans(struct async_req *req,
         * length. Likewise for param_ofs/param_disp.
         */
 
-       if (cli_trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param)
-           || cli_trans_oob(*ptotal_param, *pparam_disp, *pnum_param)
-           || cli_trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data)
-           || cli_trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) {
+       if (trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param)
+           || trans_oob(*ptotal_param, *pparam_disp, *pnum_param)
+           || trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data)
+           || trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) {
                return NT_STATUS_INVALID_NETWORK_RESPONSE;
        }