s3-libads call common GUID_from_ndr_blob()

This does a length-limited check, and so avoids reading beyond the
allocated memory if the server sends less than 16 bytes.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 3525876ecf57d9dbfc130f7c040a008d8199e9dd..32138a784c1310fefc4d8226b81e42ffc2c48b47 100644 (file)
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -2127,13 +2127,16 @@ static void dump_guid(ADS_STRUCT *ads, const char *field, struct berval **values
 {
        int i;
        for (i=0; values[i]; i++) {
+               NTSTATUS status;
+               DATA_BLOB in = data_blob_const(values[i]->bv_val, values[i]->bv_len);
+               struct GUID guid;
 
-               UUID_FLAT guid;
-               struct GUID tmp;
-
-               memcpy(guid.info, values[i]->bv_val, sizeof(guid.info));
-               smb_uuid_unpack(guid, &tmp);
-               printf("%s: %s\n", field, GUID_string(talloc_tos(), &tmp));
+               status = GUID_from_ndr_blob(&in, &guid);
+               if (NT_STATUS_IS_OK(status)) {
+                       printf("%s: %s\n", field, GUID_string(talloc_tos(), &guid));
+               } else {
+                       printf("%s: INVALID GUID\n", field);
+               }
        }
 }
 
@@ -2609,22 +2612,17 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
  **/
  bool ads_pull_guid(ADS_STRUCT *ads, LDAPMessage *msg, struct GUID *guid)
 {
-       char **values;
-       UUID_FLAT flat_guid;
-
-       values = ldap_get_values(ads->ldap.ld, msg, "objectGUID");
-       if (!values)
-               return False;
+       DATA_BLOB blob;
+       NTSTATUS status;
 
-       if (values[0]) {
-               memcpy(&flat_guid.info, values[0], sizeof(UUID_FLAT));
-               smb_uuid_unpack(flat_guid, guid);
-               ldap_value_free(values);
-               return True;
+       if (!smbldap_talloc_single_blob(talloc_tos(), ads->ldap.ld, msg, "objectGUID",
+                                       &blob)) {
+               return false;
        }
-       ldap_value_free(values);
-       return False;
 
+       status = GUID_from_ndr_blob(&blob, guid);
+       talloc_free(blob.data);
+       return NT_STATUS_IS_OK(status);
 }
 
 

diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c
index 4b39173c3e8a00c0d87e918be5dad205abbcb79f..56086c9e89819fb15b7e34d64d23639bd0f85210 100644 (file)
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -187,10 +187,13 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx,
 
        /* retreive the guid and store it locally */
        if (ADS_ERR_OK(ads_search_dn(ads, &res, prt_dn, attrs))) {
+               bool guid_ok;
                ZERO_STRUCT(guid);
-               ads_pull_guid(ads, res, &guid);
+               guid_ok = ads_pull_guid(ads, res, &guid);
                ads_msgfree(ads, res);
-               store_printer_guid(msg_ctx, printer, guid);
+               if (guid_ok) {
+                       store_printer_guid(msg_ctx, printer, guid);
+               }
        }
        TALLOC_FREE(ctx);