diff options
author | Swen Schillig <swen@linux.ibm.com> | 2019-01-28 14:35:30 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2019-03-01 00:32:10 +0000 |
commit | 414bc3748b6fbd54cbd50a0ff1f20cbe31b06ccc (patch) | |
tree | 4042813f192bb431e218c0c41c0ad8a822dca2d3 /source3/rpcclient | |
parent | c067429c32b7e8853274f8711bb5c5bd33b5e628 (diff) | |
download | samba-414bc3748b6fbd54cbd50a0ff1f20cbe31b06ccc.tar.gz |
rpcclient: Use wrapper for string to integer conversion
In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3/rpcclient')
-rw-r--r-- | source3/rpcclient/cmd_samr.c | 7 | ||||
-rw-r--r-- | source3/rpcclient/cmd_spoolss.c | 8 |
2 files changed, 13 insertions, 2 deletions
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 7e396f92a48..898ae6ad6fc 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -1406,13 +1406,18 @@ static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli, uint32_t alias_rid; uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS; struct dcerpc_binding_handle *b = cli->binding_handle; + int error = 0; if (argc != 3) { printf("Usage: %s builtin|domain [rid|name]\n", argv[0]); return NT_STATUS_OK; } - alias_rid = strtoul(argv[2], NULL, 10); + alias_rid = strtoul_err(argv[2], NULL, 10, &error); + if (error != 0) { + return NT_STATUS_INVALID_PARAMETER; + } + /* Open SAMR handle */ diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index 0a850ddc6aa..f6d631761b2 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c @@ -2642,6 +2642,7 @@ static WERROR cmd_spoolss_setprinterdata(struct rpc_pipe_client *cli, union spoolss_PrinterData data; DATA_BLOB blob; struct dcerpc_binding_handle *b = cli->binding_handle; + int error = 0; /* parse the command arguments */ if (argc < 5) { @@ -2707,7 +2708,12 @@ static WERROR cmd_spoolss_setprinterdata(struct rpc_pipe_client *cli, W_ERROR_HAVE_NO_MEMORY(data.string); break; case REG_DWORD: - data.value = strtoul(argv[4], NULL, 10); + data.value = strtoul_err(argv[4], NULL, 10, &error); + if (error != 0) { + result = WERR_INVALID_PARAMETER; + goto done; + } + break; case REG_BINARY: data.binary = strhex_to_data_blob(mem_ctx, argv[4]); |