bool procid_valid(const struct server_id *pid);
bool procid_is_local(const struct server_id *pid);
int this_is_smp(void);
+bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length);
bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off);
char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
#endif
}
+/****************************************************************
+ Check if offset/length fit into bufsize. Should probably be
+ merged with is_offset_safe, but this would require a rewrite
+ of lanman.c. Later :-)
+****************************************************************/
+
+bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
+{
+ if ((offset + length < offset) || (offset + length < length)) {
+ /* wrap */
+ return true;
+ }
+ if ((offset > bufsize) || (offset + length > bufsize)) {
+ /* overflow */
+ return true;
+ }
+ return false;
+}
+
/****************************************************************
Check if an offset into a buffer is safe.
If this returns True it's safe to indirect into the byte at
}
}
-static bool cli_trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
-{
- if ((offset + length < offset) || (offset + length < length)) {
- /* wrap */
- return true;
- }
- if ((offset > bufsize) || (offset + length > bufsize)) {
- /* overflow */
- return true;
- }
- return false;
-}
-
static NTSTATUS cli_pull_trans(struct async_req *req,
struct cli_request *cli_req,
uint8_t smb_cmd, bool expect_first_reply,
* length. Likewise for param_ofs/param_disp.
*/
- if (cli_trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param)
- || cli_trans_oob(*ptotal_param, *pparam_disp, *pnum_param)
- || cli_trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data)
- || cli_trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) {
+ if (trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param)
+ || trans_oob(*ptotal_param, *pparam_disp, *pnum_param)
+ || trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data)
+ || trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) {
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}