Rob Shearman : rpcrt4: Check that strings in SMB, NB and pipe floors are nul-terminated before copying the data.
Alexandre Julliard
julliard at winehq.org
Mon Aug 18 10:46:23 CDT 2008
Module: wine
Branch: master
Commit: ce085ed8ec9bd5b88a58257d3485f8ade1b4578b
URL: http://source.winehq.org/git/wine.git/?a=commit;h=ce085ed8ec9bd5b88a58257d3485f8ade1b4578b
Author: Rob Shearman <robertshearman at gmail.com>
Date: Sun Aug 10 18:24:35 2008 +0100
rpcrt4: Check that strings in SMB, NB and pipe floors are nul-terminated before copying the data.
---
dlls/rpcrt4/rpc_transport.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/dlls/rpcrt4/rpc_transport.c b/dlls/rpcrt4/rpc_transport.c
index a797646..75423b9 100644
--- a/dlls/rpcrt4/rpc_transport.c
+++ b/dlls/rpcrt4/rpc_transport.c
@@ -504,7 +504,8 @@ static RPC_STATUS rpcrt4_ncacn_np_parse_top_of_tower(const unsigned char *tower_
if ((smb_floor->count_lhs != sizeof(smb_floor->protid)) ||
(smb_floor->protid != EPM_PROTOCOL_SMB) ||
- (smb_floor->count_rhs > tower_size))
+ (smb_floor->count_rhs > tower_size) ||
+ (tower_data[smb_floor->count_rhs - 1] != '\0'))
return EPT_S_NOT_REGISTERED;
if (endpoint)
@@ -527,7 +528,8 @@ static RPC_STATUS rpcrt4_ncacn_np_parse_top_of_tower(const unsigned char *tower_
if ((nb_floor->count_lhs != sizeof(nb_floor->protid)) ||
(nb_floor->protid != EPM_PROTOCOL_NETBIOS) ||
- (nb_floor->count_rhs > tower_size))
+ (nb_floor->count_rhs > tower_size) ||
+ (tower_data[nb_floor->count_rhs - 1] != '\0'))
return EPT_S_NOT_REGISTERED;
if (networkaddr)
@@ -714,7 +716,8 @@ static RPC_STATUS rpcrt4_ncalrpc_parse_top_of_tower(const unsigned char *tower_d
if ((pipe_floor->count_lhs != sizeof(pipe_floor->protid)) ||
(pipe_floor->protid != EPM_PROTOCOL_PIPE) ||
- (pipe_floor->count_rhs > tower_size))
+ (pipe_floor->count_rhs > tower_size) ||
+ (tower_data[pipe_floor->count_rhs - 1] != '\0'))
return EPT_S_NOT_REGISTERED;
if (networkaddr)
More information about the wine-cvs
mailing list