From: Douglas Bagnall Date: Tue, 19 May 2020 01:55:53 +0000 (+1200) Subject: ndr/nbt: use ndr_dns_utils/ndr_pull_dns_string_list X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f00fa3448405e7faf9eb447b6b178ef346a65312;p=thirdparty%2Fsamba.git ndr/nbt: use ndr_dns_utils/ndr_pull_dns_string_list To retain exactly the same behaviour with regard to memory contexts and error messages, we add an is_nbt flag. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378 Signed-off-by: Douglas Bagnall Reviewed-by: Andreas Schneider --- diff --git a/librpc/ndr/ndr_dns.c b/librpc/ndr/ndr_dns.c index b36927dc599..6822d739cbe 100644 --- a/librpc/ndr/ndr_dns.c +++ b/librpc/ndr/ndr_dns.c @@ -55,7 +55,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dns_string(struct ndr_pull *ndr, { return ndr_pull_dns_string_list(ndr, ndr_flags, - s); + s, + false); } diff --git a/librpc/ndr/ndr_dns_utils.c b/librpc/ndr/ndr_dns_utils.c index 7a38a807e5c..00b7f8ce86a 100644 --- a/librpc/ndr/ndr_dns_utils.c +++ b/librpc/ndr/ndr_dns_utils.c @@ -9,19 +9,22 @@ #define MAX_COMPONENTS 128 /* - pull one component of a dns_string + pull one component of a dns/nbt string */ static enum ndr_err_code ndr_pull_component(struct ndr_pull *ndr, + TALLOC_CTX *mem_ctx, uint8_t **component, uint32_t *offset, - uint32_t *max_offset) + uint32_t *max_offset, + const char *err_name) { uint8_t len; unsigned int loops = 0; while (loops < 5) { if (*offset >= ndr->data_size) { return ndr_pull_error(ndr, NDR_ERR_STRING, - "BAD DNS NAME component, bad offset"); + "BAD %s NAME component, bad offset", + err_name); } len = ndr->data[*offset]; if (len == 0) { @@ -34,8 +37,9 @@ static enum ndr_err_code ndr_pull_component(struct ndr_pull *ndr, /* its a label pointer */ if (1 + *offset >= ndr->data_size) { return ndr_pull_error(ndr, NDR_ERR_STRING, - "BAD DNS NAME component, " \ - "bad label offset"); + "BAD %s NAME component, " \ + "bad label offset", + err_name); } *max_offset = MAX(*max_offset, *offset + 2); *offset = ((len&0x3F)<<8) | ndr->data[1 + *offset]; @@ -46,16 +50,17 @@ static enum ndr_err_code ndr_pull_component(struct ndr_pull *ndr, if ((len & 0xC0) != 0) { /* its a reserved length field */ return ndr_pull_error(ndr, NDR_ERR_STRING, - "BAD DNS NAME component, " \ + "BAD %s NAME component, " \ "reserved length field: 0x%02x", - (len &0xC)); + err_name, (len &0xC)); } if (*offset + len + 1 > ndr->data_size) { return ndr_pull_error(ndr, NDR_ERR_STRING, - "BAD DNS NAME component, "\ - "length too long"); + "BAD %s NAME component, "\ + "length too long", + err_name); } - *component = (uint8_t*)talloc_strndup(ndr, + *component = (uint8_t*)talloc_strndup(mem_ctx, (const char *)&ndr->data[1 + *offset], len); NDR_ERR_HAVE_NO_MEMORY(*component); *offset += len + 1; @@ -65,20 +70,32 @@ static enum ndr_err_code ndr_pull_component(struct ndr_pull *ndr, /* too many pointers */ return ndr_pull_error(ndr, NDR_ERR_STRING, - "BAD DNS NAME component, too many pointers"); + "BAD %s NAME component, too many pointers", + err_name); } /** - pull a dns_string from the wire + pull a dns/nbt string from the wire */ enum ndr_err_code ndr_pull_dns_string_list(struct ndr_pull *ndr, ndr_flags_type ndr_flags, - const char **s) + const char **s, + bool is_nbt) { uint32_t offset = ndr->offset; uint32_t max_offset = offset; unsigned num_components; char *name; + const char *err_name = NULL; + TALLOC_CTX *mem_ctx = NULL; + + if (is_nbt) { + err_name = "NBT"; + mem_ctx = ndr->current_mem_ctx; + } else { + err_name = "DNS"; + mem_ctx = ndr; + } if (!(ndr_flags & NDR_SCALARS)) { return NDR_ERR_SUCCESS; @@ -87,12 +104,18 @@ enum ndr_err_code ndr_pull_dns_string_list(struct ndr_pull *ndr, name = talloc_strdup(ndr->current_mem_ctx, ""); /* break up name into a list of components */ - for (num_components=0; num_components 0) { name = talloc_asprintf_append_buffer(name, ".%s", component); @@ -104,7 +127,8 @@ enum ndr_err_code ndr_pull_dns_string_list(struct ndr_pull *ndr, } if (num_components == MAX_COMPONENTS) { return ndr_pull_error(ndr, NDR_ERR_STRING, - "BAD DNS NAME too many components"); + "BAD %s NAME too many components", + err_name); } (*s) = name; diff --git a/librpc/ndr/ndr_dns_utils.h b/librpc/ndr/ndr_dns_utils.h index f75a628852c..8b9780feb3e 100644 --- a/librpc/ndr/ndr_dns_utils.h +++ b/librpc/ndr/ndr_dns_utils.h @@ -1,7 +1,8 @@ enum ndr_err_code ndr_pull_dns_string_list(struct ndr_pull *ndr, ndr_flags_type ndr_flags, - const char **s); + const char **s, + bool is_nbt); enum ndr_err_code ndr_push_dns_string_list(struct ndr_push *ndr, struct ndr_token_list *string_list, diff --git a/librpc/ndr/ndr_nbt.c b/librpc/ndr/ndr_nbt.c index 6f54198ffbc..f9c32c13304 100644 --- a/librpc/ndr/ndr_nbt.c +++ b/librpc/ndr/ndr_nbt.c @@ -28,9 +28,6 @@ #include "ndr_dns_utils.h" -/* don't allow an unlimited number of name components */ -#define MAX_COMPONENTS 128 - /** print a nbt string */ @@ -39,103 +36,15 @@ _PUBLIC_ void ndr_print_nbt_string(struct ndr_print *ndr, const char *name, cons ndr_print_string(ndr, name, s); } -/* - pull one component of a nbt_string -*/ -static enum ndr_err_code ndr_pull_component(struct ndr_pull *ndr, - uint8_t **component, - uint32_t *offset, - uint32_t *max_offset) -{ - uint8_t len; - unsigned int loops = 0; - while (loops < 5) { - if (*offset >= ndr->data_size) { - return ndr_pull_error(ndr, NDR_ERR_STRING, - "BAD NBT NAME component"); - } - len = ndr->data[*offset]; - if (len == 0) { - *offset += 1; - *max_offset = MAX(*max_offset, *offset); - *component = NULL; - return NDR_ERR_SUCCESS; - } - if ((len & 0xC0) == 0xC0) { - /* its a label pointer */ - if (1 + *offset >= ndr->data_size) { - return ndr_pull_error(ndr, NDR_ERR_STRING, - "BAD NBT NAME component"); - } - *max_offset = MAX(*max_offset, *offset + 2); - *offset = ((len&0x3F)<<8) | ndr->data[1 + *offset]; - *max_offset = MAX(*max_offset, *offset); - loops++; - continue; - } - if ((len & 0xC0) != 0) { - /* its a reserved length field */ - return ndr_pull_error(ndr, NDR_ERR_STRING, - "BAD NBT NAME component"); - } - if (*offset + len + 1 > ndr->data_size) { - return ndr_pull_error(ndr, NDR_ERR_STRING, - "BAD NBT NAME component"); - } - *component = (uint8_t*)talloc_strndup( - ndr->current_mem_ctx, - (const char *)&ndr->data[1 + *offset], len); - NDR_ERR_HAVE_NO_MEMORY(*component); - *offset += len + 1; - *max_offset = MAX(*max_offset, *offset); - return NDR_ERR_SUCCESS; - } - - /* too many pointers */ - return ndr_pull_error(ndr, NDR_ERR_STRING, "BAD NBT NAME component"); -} - /** pull a nbt_string from the wire */ _PUBLIC_ enum ndr_err_code ndr_pull_nbt_string(struct ndr_pull *ndr, ndr_flags_type ndr_flags, const char **s) { - uint32_t offset = ndr->offset; - uint32_t max_offset = offset; - unsigned num_components; - char *name; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - name = NULL; - - /* break up name into a list of components */ - for (num_components=0;num_componentscurrent_mem_ctx, ""); - NDR_ERR_HAVE_NO_MEMORY(name); - } - - (*s) = name; - ndr->offset = max_offset; - - return NDR_ERR_SUCCESS; + return ndr_pull_dns_string_list(ndr, + ndr_flags, + s, + true); } /**