diff options
| author | Stefan Metzmacher <metze@samba.org> | 2016-01-06 13:28:02 +0100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2016-06-27 05:00:15 +0200 |
| commit | 582f506655e3dd5e51611ac9a8de9f317e87bc16 (patch) | |
| tree | 9c8794e5b8429f70c7918ba683f21ed23eea1410 /librpc/tools | |
| parent | 3076b1ed444c899b4b89755699a0b974d04f66b6 (diff) | |
| download | samba-582f506655e3dd5e51611ac9a8de9f317e87bc16.tar.gz | |
librpc/tools: correctly validate relative pointers in ndrdump
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'librpc/tools')
| -rw-r--r-- | librpc/tools/ndrdump.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/librpc/tools/ndrdump.c b/librpc/tools/ndrdump.c index 2dbc427f0b4..2827e8d7fd0 100644 --- a/librpc/tools/ndrdump.c +++ b/librpc/tools/ndrdump.c @@ -463,7 +463,7 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...) } if (dumpdata) { - printf("%d bytes consumed\n", ndr_pull->offset); + printf("%d bytes consumed\n", highest_ofs); ndrdump_data(blob.data, blob.length, dumpdata); } @@ -487,6 +487,7 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...) struct ndr_push *ndr_v_push; struct ndr_pull *ndr_v_pull; struct ndr_print *ndr_v_print; + uint32_t highest_v_ofs; uint32_t i; uint8_t byte_a, byte_b; bool differ; @@ -523,11 +524,17 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...) exit(1); } + if (ndr_v_pull->offset > ndr_v_pull->relative_highest_offset) { + highest_v_ofs = ndr_v_pull->offset; + } else { + highest_v_ofs = ndr_v_pull->relative_highest_offset; + } - if (ndr_v_pull->offset != ndr_v_pull->data_size) { - printf("WARNING! %d unread bytes in validation\n", ndr_v_pull->data_size - ndr_v_pull->offset); - ndrdump_data(ndr_v_pull->data+ndr_v_pull->offset, - ndr_v_pull->data_size - ndr_v_pull->offset, + if (highest_v_ofs != ndr_v_pull->data_size) { + printf("WARNING! %d unread bytes in validation\n", + ndr_v_pull->data_size - highest_v_ofs); + ndrdump_data(ndr_v_pull->data + highest_v_ofs, + ndr_v_pull->data_size - highest_v_ofs, dumpdata); } @@ -541,9 +548,9 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...) (unsigned long long)blob.length, (unsigned long long)v_blob.length); } - if (ndr_pull->offset != ndr_v_pull->offset) { + if (highest_ofs != highest_v_ofs) { printf("WARNING! orig pulled bytes:%llu validated pulled bytes:%llu\n", - (unsigned long long)ndr_pull->offset, (unsigned long long)ndr_v_pull->offset); + (unsigned long long)highest_ofs, (unsigned long long)highest_v_ofs); } differ = false; |