← Back to branch summary

~ubuntu-branches/ubuntu/oneiric/samba/oneiric-security

« back to all changes in this revision

Viewing changes to .pc/CVE-2012-1182-2.patch/source3/librpc/gen_ndr/ndr_printcap.c

  • Committer: Package Import Robot
  • Author(s): Tyler Hicks
  • Date: 2012-04-12 05:28:44 UTC
  • mfrom: (147.1.1 oneiric-proposed)
  • Revision ID: package-import@ubuntu.com-20120412052844-348q6l4dcb303sdu
Tags: 2:3.5.11~dfsg-1ubuntu2.2
https://launchpad.net/bugs/978458
* SECURITY UPDATE: Unauthenticated remote code execution via
  RPC calls (LP: #978458)
  - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code
    that uses the same value for array allocation and array length checks.
    Based on upstream patch.
  - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with
    the patched PIDL compiler
  - CVE-2012-1182

Show diffs side-by-side

added added

removed removed

Lines of Context:
.pc/CVE-2012-1182-2.patch/source3/librpc/gen_ndr/ndr_printcap.c
 
1
/* parser auto-generated by pidl */
 
2
 
 
3
#include "includes.h"
 
4
#include "librpc/gen_ndr/ndr_printcap.h"
 
5
 
 
6
static enum ndr_err_code ndr_push_pcap_printer(struct ndr_push *ndr, int ndr_flags, const struct pcap_printer *r)
 
7
{
 
8
        if (ndr_flags & NDR_SCALARS) {
 
9
                NDR_CHECK(ndr_push_align(ndr, 4));
 
10
                NDR_CHECK(ndr_push_unique_ptr(ndr, r->name));
 
11
                NDR_CHECK(ndr_push_unique_ptr(ndr, r->info));
 
12
        }
 
13
        if (ndr_flags & NDR_BUFFERS) {
 
14
                if (r->name) {
 
15
                        NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->name, CH_UTF8)));
 
16
                        NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
 
17
                        NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->name, CH_UTF8)));
 
18
                        NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->name, ndr_charset_length(r->name, CH_UTF8), sizeof(uint8_t), CH_UTF8));
 
19
                }
 
20
                if (r->info) {
 
21
                        NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->info, CH_UTF8)));
 
22
                        NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
 
23
                        NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->info, CH_UTF8)));
 
24
                        NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->info, ndr_charset_length(r->info, CH_UTF8), sizeof(uint8_t), CH_UTF8));
 
25
                }
 
26
        }
 
27
        return NDR_ERR_SUCCESS;
 
28
}
 
29
 
 
30
static enum ndr_err_code ndr_pull_pcap_printer(struct ndr_pull *ndr, int ndr_flags, struct pcap_printer *r)
 
31
{
 
32
        uint32_t _ptr_name;
 
33
        TALLOC_CTX *_mem_save_name_0;
 
34
        uint32_t _ptr_info;
 
35
        TALLOC_CTX *_mem_save_info_0;
 
36
        if (ndr_flags & NDR_SCALARS) {
 
37
                NDR_CHECK(ndr_pull_align(ndr, 4));
 
38
                NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name));
 
39
                if (_ptr_name) {
 
40
                        NDR_PULL_ALLOC(ndr, r->name);
 
41
                } else {
 
42
                        r->name = NULL;
 
43
                }
 
44
                NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
 
45
                if (_ptr_info) {
 
46
                        NDR_PULL_ALLOC(ndr, r->info);
 
47
                } else {
 
48
                        r->info = NULL;
 
49
                }
 
50
        }
 
51
        if (ndr_flags & NDR_BUFFERS) {
 
52
                if (r->name) {
 
53
                        _mem_save_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
 
54
                        NDR_PULL_SET_MEM_CTX(ndr, r->name, 0);
 
55
                        NDR_CHECK(ndr_pull_array_size(ndr, &r->name));
 
56
                        NDR_CHECK(ndr_pull_array_length(ndr, &r->name));
 
57
                        if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) {
 
58
                                return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name));
 
59
                        }
 
60
                        NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint8_t)));
 
61
                        NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint8_t), CH_UTF8));
 
62
                        NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0);
 
63
                }
 
64
                if (r->info) {
 
65
                        _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
 
66
                        NDR_PULL_SET_MEM_CTX(ndr, r->info, 0);
 
67
                        NDR_CHECK(ndr_pull_array_size(ndr, &r->info));
 
68
                        NDR_CHECK(ndr_pull_array_length(ndr, &r->info));
 
69
                        if (ndr_get_array_length(ndr, &r->info) > ndr_get_array_size(ndr, &r->info)) {
 
70
                                return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->info), ndr_get_array_length(ndr, &r->info));
 
71
                        }
 
72
                        NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->info), sizeof(uint8_t)));
 
73
                        NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->info, ndr_get_array_length(ndr, &r->info), sizeof(uint8_t), CH_UTF8));
 
74
                        NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
 
75
                }
 
76
        }
 
77
        return NDR_ERR_SUCCESS;
 
78
}
 
79
 
 
80
_PUBLIC_ void ndr_print_pcap_printer(struct ndr_print *ndr, const char *name, const struct pcap_printer *r)
 
81
{
 
82
        ndr_print_struct(ndr, name, "pcap_printer");
 
83
        ndr->depth++;
 
84
        ndr_print_ptr(ndr, "name", r->name);
 
85
        ndr->depth++;
 
86
        if (r->name) {
 
87
                ndr_print_string(ndr, "name", r->name);
 
88
        }
 
89
        ndr->depth--;
 
90
        ndr_print_ptr(ndr, "info", r->info);
 
91
        ndr->depth++;
 
92
        if (r->info) {
 
93
                ndr_print_string(ndr, "info", r->info);
 
94
        }
 
95
        ndr->depth--;
 
96
        ndr->depth--;
 
97
}
 
98
 
 
99
_PUBLIC_ enum ndr_err_code ndr_push_pcap_data(struct ndr_push *ndr, int ndr_flags, const struct pcap_data *r)
 
100
{
 
101
        uint32_t cntr_printers_0;
 
102
        if (ndr_flags & NDR_SCALARS) {
 
103
                NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
 
104
                NDR_CHECK(ndr_push_align(ndr, 4));
 
105
                NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->status));
 
106
                NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
 
107
                for (cntr_printers_0 = 0; cntr_printers_0 < r->count; cntr_printers_0++) {
 
108
                        NDR_CHECK(ndr_push_pcap_printer(ndr, NDR_SCALARS, &r->printers[cntr_printers_0]));
 
109
                }
 
110
        }
 
111
        if (ndr_flags & NDR_BUFFERS) {
 
112
                for (cntr_printers_0 = 0; cntr_printers_0 < r->count; cntr_printers_0++) {
 
113
                        NDR_CHECK(ndr_push_pcap_printer(ndr, NDR_BUFFERS, &r->printers[cntr_printers_0]));
 
114
                }
 
115
        }
 
116
        return NDR_ERR_SUCCESS;
 
117
}
 
118
 
 
119
_PUBLIC_ enum ndr_err_code ndr_pull_pcap_data(struct ndr_pull *ndr, int ndr_flags, struct pcap_data *r)
 
120
{
 
121
        uint32_t cntr_printers_0;
 
122
        TALLOC_CTX *_mem_save_printers_0;
 
123
        if (ndr_flags & NDR_SCALARS) {
 
124
                NDR_CHECK(ndr_pull_array_size(ndr, &r->printers));
 
125
                NDR_CHECK(ndr_pull_align(ndr, 4));
 
126
                NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->status));
 
127
                NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
 
128
                NDR_PULL_ALLOC_N(ndr, r->printers, ndr_get_array_size(ndr, &r->printers));
 
129
                _mem_save_printers_0 = NDR_PULL_GET_MEM_CTX(ndr);
 
130
                NDR_PULL_SET_MEM_CTX(ndr, r->printers, 0);
 
131
                for (cntr_printers_0 = 0; cntr_printers_0 < r->count; cntr_printers_0++) {
 
132
                        NDR_CHECK(ndr_pull_pcap_printer(ndr, NDR_SCALARS, &r->printers[cntr_printers_0]));
 
133
                }
 
134
                NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printers_0, 0);
 
135
                if (r->printers) {
 
136
                        NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->printers, r->count));
 
137
                }
 
138
        }
 
139
        if (ndr_flags & NDR_BUFFERS) {
 
140
                _mem_save_printers_0 = NDR_PULL_GET_MEM_CTX(ndr);
 
141
                NDR_PULL_SET_MEM_CTX(ndr, r->printers, 0);
 
142
                for (cntr_printers_0 = 0; cntr_printers_0 < r->count; cntr_printers_0++) {
 
143
                        NDR_CHECK(ndr_pull_pcap_printer(ndr, NDR_BUFFERS, &r->printers[cntr_printers_0]));
 
144
                }
 
145
                NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printers_0, 0);
 
146
        }
 
147
        return NDR_ERR_SUCCESS;
 
148
}
 
149
 
 
150
_PUBLIC_ void ndr_print_pcap_data(struct ndr_print *ndr, const char *name, const struct pcap_data *r)
 
151
{
 
152
        uint32_t cntr_printers_0;
 
153
        ndr_print_struct(ndr, name, "pcap_data");
 
154
        ndr->depth++;
 
155
        ndr_print_NTSTATUS(ndr, "status", r->status);
 
156
        ndr_print_uint32(ndr, "count", r->count);
 
157
        ndr->print(ndr, "%s: ARRAY(%d)", "printers", (int)r->count);
 
158
        ndr->depth++;
 
159
        for (cntr_printers_0=0;cntr_printers_0<r->count;cntr_printers_0++) {
 
160
                char *idx_0=NULL;
 
161
                if (asprintf(&idx_0, "[%d]", cntr_printers_0) != -1) {
 
162
                        ndr_print_pcap_printer(ndr, "printers", &r->printers[cntr_printers_0]);
 
163
                        free(idx_0);
 
164
                }
 
165
        }
 
166
        ndr->depth--;
 
167
        ndr->depth--;
 
168
}