Rob Shearman : rpcrt4: Factor out string validation from NDR unmarshalling functions into a separate function , validate_string_data.
Alexandre Julliard
julliard at winehq.org
Mon Jun 23 16:03:35 CDT 2008
Module: wine
Branch: master
Commit: 33e907bc9db68ac54ba7b2cfcf30132adb4fd87f
URL: http://source.winehq.org/git/wine.git/?a=commit;h=33e907bc9db68ac54ba7b2cfcf30132adb4fd87f
Author: Rob Shearman <robertshearman at gmail.com>
Date: Mon Jun 23 12:56:29 2008 +0100
rpcrt4: Factor out string validation from NDR unmarshalling functions into a separate function, validate_string_data.
---
dlls/rpcrt4/ndr_marshall.c | 159 +++++++++++---------------------------------
1 files changed, 40 insertions(+), 119 deletions(-)
diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index 15cd292..977effa 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -690,6 +690,37 @@ static inline void safe_copy_to_buffer(MIDL_STUB_MESSAGE *pStubMsg, const void *
pStubMsg->Buffer += size;
}
+/* verify that string data sitting in the buffer is valid and safe to
+ * unmarshall */
+static void validate_string_data(MIDL_STUB_MESSAGE *pStubMsg, ULONG bufsize, ULONG esize)
+{
+ ULONG i;
+
+ /* verify the buffer is safe to access */
+ if ((pStubMsg->Buffer + bufsize < pStubMsg->Buffer) ||
+ (pStubMsg->Buffer + bufsize > pStubMsg->BufferEnd))
+ {
+ ERR("bufsize 0x%x exceeded buffer end %p of buffer %p\n", bufsize,
+ pStubMsg->BufferEnd, pStubMsg->Buffer);
+ RpcRaiseException(RPC_X_BAD_STUB_DATA);
+ }
+
+ /* strings must always have null terminating bytes */
+ if (bufsize < esize)
+ {
+ ERR("invalid string length of %d\n", bufsize / esize);
+ RpcRaiseException(RPC_S_INVALID_BOUND);
+ }
+
+ for (i = bufsize - esize; i < bufsize; i++)
+ if (pStubMsg->Buffer[i] != 0)
+ {
+ ERR("string not null-terminated at byte position %d, data is 0x%x\n",
+ i, pStubMsg->Buffer[i]);
+ RpcRaiseException(RPC_S_INVALID_BOUND);
+ }
+}
+
/*
* NdrConformantString:
*
@@ -791,7 +822,7 @@ void WINAPI NdrConformantStringBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
ULONG WINAPI NdrConformantStringMemorySize( PMIDL_STUB_MESSAGE pStubMsg,
PFORMAT_STRING pFormat )
{
- ULONG bufsize, memsize, esize, i;
+ ULONG bufsize, memsize, esize;
TRACE("(pStubMsg == ^%p, pFormat == ^%p)\n", pStubMsg, pFormat);
@@ -821,29 +852,7 @@ ULONG WINAPI NdrConformantStringMemorySize( PMIDL_STUB_MESSAGE pStubMsg,
memsize = safe_multiply(esize, pStubMsg->MaxCount);
bufsize = safe_multiply(esize, pStubMsg->ActualCount);
- /* strings must always have null terminating bytes */
- if (bufsize < esize)
- {
- ERR("invalid string length of %d\n", pStubMsg->ActualCount);
- RpcRaiseException(RPC_S_INVALID_BOUND);
- }
-
- /* verify the buffer is safe to access */
- if ((pStubMsg->Buffer + bufsize < pStubMsg->Buffer) ||
- (pStubMsg->Buffer + bufsize > pStubMsg->BufferEnd))
- {
- ERR("bufsize 0x%x exceeded buffer end %p of buffer %p\n", bufsize,
- pStubMsg->BufferEnd, pStubMsg->Buffer);
- RpcRaiseException(RPC_X_BAD_STUB_DATA);
- }
-
- for (i = bufsize - esize; i < bufsize; i++)
- if (pStubMsg->Buffer[i] != 0)
- {
- ERR("string not null-terminated at byte position %d, data is 0x%x\n",
- i, pStubMsg->Buffer[i]);
- RpcRaiseException(RPC_S_INVALID_BOUND);
- }
+ validate_string_data(pStubMsg, bufsize, esize);
safe_buffer_increment(pStubMsg, bufsize);
pStubMsg->MemorySize += memsize;
@@ -857,7 +866,7 @@ ULONG WINAPI NdrConformantStringMemorySize( PMIDL_STUB_MESSAGE pStubMsg,
unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg,
unsigned char** ppMemory, PFORMAT_STRING pFormat, unsigned char fMustAlloc )
{
- ULONG bufsize, memsize, esize, i;
+ ULONG bufsize, memsize, esize;
TRACE("(pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u)\n",
pStubMsg, *ppMemory, pFormat, fMustAlloc);
@@ -892,32 +901,7 @@ unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg
memsize = safe_multiply(esize, pStubMsg->MaxCount);
bufsize = safe_multiply(esize, pStubMsg->ActualCount);
- /* strings must always have null terminating bytes */
- if (bufsize < esize)
- {
- ERR("invalid string length of %d\n", pStubMsg->ActualCount);
- RpcRaiseException(RPC_S_INVALID_BOUND);
- return NULL;
- }
-
- /* verify the buffer is safe to access */
- if ((pStubMsg->Buffer + bufsize < pStubMsg->Buffer) ||
- (pStubMsg->Buffer + bufsize > pStubMsg->BufferEnd))
- {
- ERR("bufsize 0x%x exceeded buffer end %p of buffer %p\n", bufsize,
- pStubMsg->BufferEnd, pStubMsg->Buffer);
- RpcRaiseException(RPC_X_BAD_STUB_DATA);
- return NULL;
- }
-
- for (i = bufsize - esize; i < bufsize; i++)
- if (pStubMsg->Buffer[i] != 0)
- {
- ERR("string not null-terminated at byte position %d, data is 0x%x\n",
- i, pStubMsg->Buffer[i]);
- RpcRaiseException(RPC_S_INVALID_BOUND);
- return NULL;
- }
+ validate_string_data(pStubMsg, bufsize, esize);
if (fMustAlloc)
*ppMemory = NdrAllocate(pStubMsg, memsize);
@@ -1002,7 +986,7 @@ unsigned char * WINAPI NdrNonConformantStringUnmarshall(PMIDL_STUB_MESSAGE pStu
PFORMAT_STRING pFormat,
unsigned char fMustAlloc)
{
- ULONG bufsize, memsize, esize, i, maxsize;
+ ULONG bufsize, memsize, esize, maxsize;
TRACE("(pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u)\n",
pStubMsg, *ppMemory, pFormat, fMustAlloc);
@@ -1027,31 +1011,7 @@ unsigned char * WINAPI NdrNonConformantStringUnmarshall(PMIDL_STUB_MESSAGE pStu
memsize = esize * maxsize;
bufsize = safe_multiply(esize, pStubMsg->ActualCount);
- if (bufsize < esize)
- {
- ERR("invalid string length of %d\n", pStubMsg->ActualCount);
- RpcRaiseException(RPC_S_INVALID_BOUND);
- return NULL;
- }
-
- /* verify the buffer is safe to access */
- if ((pStubMsg->Buffer + bufsize < pStubMsg->Buffer) ||
- (pStubMsg->Buffer + bufsize > pStubMsg->BufferEnd))
- {
- ERR("bufsize 0x%x exceeded buffer end %p of buffer %p\n", bufsize,
- pStubMsg->BufferEnd, pStubMsg->Buffer);
- RpcRaiseException(RPC_X_BAD_STUB_DATA);
- return NULL;
- }
-
- /* strings must always have null terminating bytes */
- for (i = bufsize - esize; i < bufsize; i++)
- if (pStubMsg->Buffer[i] != 0)
- {
- ERR("string not null-terminated at byte position %d, data is 0x%x\n",
- i, pStubMsg->Buffer[i]);
- RpcRaiseException(RPC_S_INVALID_BOUND);
- }
+ validate_string_data(pStubMsg, bufsize, esize);
if (fMustAlloc || !*ppMemory)
*ppMemory = NdrAllocate(pStubMsg, memsize);
@@ -1118,7 +1078,7 @@ void WINAPI NdrNonConformantStringBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
ULONG WINAPI NdrNonConformantStringMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
PFORMAT_STRING pFormat)
{
- ULONG bufsize, memsize, esize, i, maxsize;
+ ULONG bufsize, memsize, esize, maxsize;
TRACE("(pStubMsg == ^%p, pFormat == ^%p)\n", pStubMsg, pFormat);
@@ -1143,29 +1103,7 @@ ULONG WINAPI NdrNonConformantStringMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
memsize = esize * maxsize;
bufsize = safe_multiply(esize, pStubMsg->ActualCount);
- /* strings must always have null terminating bytes */
- if (bufsize < esize)
- {
- ERR("invalid string length of %d\n", pStubMsg->ActualCount);
- RpcRaiseException(RPC_S_INVALID_BOUND);
- }
-
- /* verify the buffer is safe to access */
- if ((pStubMsg->Buffer + bufsize < pStubMsg->Buffer) ||
- (pStubMsg->Buffer + bufsize > pStubMsg->BufferEnd))
- {
- ERR("bufsize 0x%x exceeded buffer end %p of buffer %p\n", bufsize,
- pStubMsg->BufferEnd, pStubMsg->Buffer);
- RpcRaiseException(RPC_X_BAD_STUB_DATA);
- }
-
- for (i = bufsize - esize; i < bufsize; i++)
- if (pStubMsg->Buffer[i] != 0)
- {
- ERR("string not null-terminated at byte position %d, data is 0x%x\n",
- i, pStubMsg->Buffer[i]);
- RpcRaiseException(RPC_S_INVALID_BOUND);
- }
+ validate_string_data(pStubMsg, bufsize, esize);
safe_buffer_increment(pStubMsg, bufsize);
pStubMsg->MemorySize += memsize;
@@ -4309,24 +4247,7 @@ unsigned char * WINAPI NdrConformantVaryingStructUnmarshall(PMIDL_STUB_MESSAGE
if ((cvarray_type == RPC_FC_C_CSTRING) ||
(cvarray_type == RPC_FC_C_WSTRING))
- {
- ULONG i;
- /* strings must always have null terminating bytes */
- if (bufsize < esize)
- {
- ERR("invalid string length of %d\n", pStubMsg->ActualCount);
- RpcRaiseException(RPC_S_INVALID_BOUND);
- return NULL;
- }
- for (i = bufsize - esize; i < bufsize; i++)
- if (pStubMsg->Buffer[i] != 0)
- {
- ERR("string not null-terminated at byte position %d, data is 0x%x\n",
- i, pStubMsg->Buffer[i]);
- RpcRaiseException(RPC_S_INVALID_BOUND);
- return NULL;
- }
- }
+ validate_string_data(pStubMsg, bufsize, esize);
/* copy the array data */
safe_copy_from_buffer(pStubMsg, *ppMemory + pCVStructFormat->memory_size, bufsize);
More information about the wine-cvs
mailing list