From: Volker Lendecke <vl@samba.org>
Date: Sat, 8 Nov 2008 15:48:20 +0000 (+0100)
Subject: Move cli_trans_oob to lib/util.c
X-Git-Tag: samba-4.0.0alpha6~480^2~91
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9a3be6f0f8e120797a02fa1be60b51812cfd86f5;p=thirdparty%2Fsamba.git

Move cli_trans_oob to lib/util.c

Rename it to trans_oob, it will be used in the server routines.
---

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 73be87b6fc3..71f12a68447 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1251,6 +1251,7 @@ char *procid_str_static(const struct server_id *pid);
 bool procid_valid(const struct server_id *pid);
 bool procid_is_local(const struct server_id *pid);
 int this_is_smp(void);
+bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length);
 bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off);
 char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
 char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 5007fb72ef8..074b523ae0b 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2878,6 +2878,25 @@ int this_is_smp(void)
 #endif
 }
 
+/****************************************************************
+ Check if offset/length fit into bufsize. Should probably be
+ merged with is_offset_safe, but this would require a rewrite
+ of lanman.c. Later :-)
+****************************************************************/
+
+bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
+{
+	if ((offset + length < offset) || (offset + length < length)) {
+		/* wrap */
+		return true;
+	}
+	if ((offset > bufsize) || (offset + length > bufsize)) {
+		/* overflow */
+		return true;
+	}
+	return false;
+}
+
 /****************************************************************
  Check if an offset into a buffer is safe.
  If this returns True it's safe to indirect into the byte at
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index c929f0b7a97..bbdfb75fcd1 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -978,19 +978,6 @@ static void cli_trans_ship_rest(struct async_req *req,
 	}
 }
 
-static bool cli_trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
-{
-	if ((offset + length < offset) || (offset + length < length)) {
-		/* wrap */
-		return true;
-	}
-	if ((offset > bufsize) || (offset + length > bufsize)) {
-		/* overflow */
-		return true;
-	}
-	return false;
-}
-
 static NTSTATUS cli_pull_trans(struct async_req *req,
 			       struct cli_request *cli_req,
 			       uint8_t smb_cmd, bool expect_first_reply,
@@ -1072,10 +1059,10 @@ static NTSTATUS cli_pull_trans(struct async_req *req,
 	 * length. Likewise for param_ofs/param_disp.
 	 */
 
-	if (cli_trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param)
-	    || cli_trans_oob(*ptotal_param, *pparam_disp, *pnum_param)
-	    || cli_trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data)
-	    || cli_trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) {
+	if (trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param)
+	    || trans_oob(*ptotal_param, *pparam_disp, *pnum_param)
+	    || trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data)
+	    || trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) {
 		return NT_STATUS_INVALID_NETWORK_RESPONSE;
 	}