Nikolay Sivov : rpcrt4: Fix argument check in MesEncodeFixedBufferHandleCreate().
Alexandre Julliard
julliard at wine.codeweavers.com
Tue Mar 3 09:42:11 CST 2015
Module: wine
Branch: master
Commit: 37dd44158721d3dc2883418c3cef50ba46f1ae4d
URL: http://source.winehq.org/git/wine.git/?a=commit;h=37dd44158721d3dc2883418c3cef50ba46f1ae4d
Author: Nikolay Sivov <nsivov at codeweavers.com>
Date: Tue Mar 3 15:18:58 2015 +0300
rpcrt4: Fix argument check in MesEncodeFixedBufferHandleCreate().
---
dlls/rpcrt4/ndr_es.c | 12 ++++++++++++
dlls/rpcrt4/tests/ndr_marshall.c | 39 ++++++++++++++++++++++++++++++++++++++-
2 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/dlls/rpcrt4/ndr_es.c b/dlls/rpcrt4/ndr_es.c
index fa3fe7b..73bd867 100644
--- a/dlls/rpcrt4/ndr_es.c
+++ b/dlls/rpcrt4/ndr_es.c
@@ -42,6 +42,7 @@ static inline void init_MIDL_ES_MESSAGE(MIDL_ES_MESSAGE *pEsMsg)
/* even if we are unmarshalling, as we don't want pointers to be pointed
* to buffer memory */
pEsMsg->StubMsg.IsClient = TRUE;
+ pEsMsg->MesVersion = 1;
}
/***********************************************************************
@@ -142,6 +143,17 @@ RPC_STATUS RPC_ENTRY MesEncodeFixedBufferHandleCreate(
TRACE("(%p, %d, %p, %p)\n", Buffer, BufferSize, pEncodedSize, pHandle);
+ if (!Buffer)
+ return RPC_S_INVALID_ARG;
+
+ if (((ULONG_PTR)Buffer % 8) != 0)
+ return RPC_X_INVALID_BUFFER;
+
+ if (!pEncodedSize)
+ return RPC_S_INVALID_ARG;
+
+ /* FIXME: check BufferSize too */
+
pEsMsg = HeapAlloc(GetProcessHeap(), 0, sizeof(*pEsMsg));
if (!pEsMsg)
return RPC_S_OUT_OF_MEMORY;
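Review bot: BufferSize is still accepted unchecked here (the `/* FIXME: check BufferSize too */` line), so a handle can be created over a zero-length fixed buffer, leaving it to whatever code later encodes through the handle to bound its writes. The test added in this commit expects RPC_S_INVALID_ARG for a size of 0 and marks it todo_wine; adding `if (!BufferSize) return RPC_S_INVALID_ARG;` after the pEncodedSize check would cover at least that case. pHandle is also not among the new checks. Whether it is validated further down cannot be told from here, because the function body continues outside the hunk.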
diff --git a/dlls/rpcrt4/tests/ndr_marshall.c b/dlls/rpcrt4/tests/ndr_marshall.c
index 1d8a64d..fd1cbbb 100644
--- a/dlls/rpcrt4/tests/ndr_marshall.c
+++ b/dlls/rpcrt4/tests/ndr_marshall.c
@@ -34,7 +34,7 @@
#include "rpc.h"
#include "rpcdce.h"
#include "rpcproxy.h"
-
+#include "midles.h"
static int my_alloc_called;
static int my_free_called;
@@ -2405,6 +2405,42 @@ static void test_NdrGetUserMarshalInfo(void)
"NdrGetUserMarshalInfo should have failed with RPC_S_INVALID_ARG instead of %d\n", status);
}
+static void test_MesEncodeFixedBufferHandleCreate(void)
+{
+ ULONG encoded_size;
+ RPC_STATUS status;
+ handle_t handle;
+ char *buffer;
+
+ status = MesEncodeFixedBufferHandleCreate(NULL, 0, NULL, NULL);
+ ok(status == RPC_S_INVALID_ARG, "got %d\n", status);
+
+ status = MesEncodeFixedBufferHandleCreate(NULL, 0, NULL, &handle);
+ ok(status == RPC_S_INVALID_ARG, "got %d\n", status);
+
+ status = MesEncodeFixedBufferHandleCreate((char*)0xdeadbeef, 0, NULL, &handle);
+ ok(status == RPC_X_INVALID_BUFFER, "got %d\n", status);
+
+ buffer = (void*)((0xdeadbeef + 7) & ~7);
+ status = MesEncodeFixedBufferHandleCreate(buffer, 0, NULL, &handle);
+ ok(status == RPC_S_INVALID_ARG, "got %d\n", status);
+
+ status = MesEncodeFixedBufferHandleCreate(buffer, 0, &encoded_size, &handle);
+todo_wine
+ ok(status == RPC_S_INVALID_ARG, "got %d\n", status);
+if (status == RPC_S_OK)
+ MesHandleFree(handle);
+
+ status = MesEncodeFixedBufferHandleCreate(buffer, 32, NULL, &handle);
+ ok(status == RPC_S_INVALID_ARG, "got %d\n", status);
+
+ status = MesEncodeFixedBufferHandleCreate(buffer, 32, &encoded_size, &handle);
+ ok(status == RPC_S_OK, "got %d\n", status);
+
+ status = MesHandleFree(handle);
+ ok(status == RPC_S_OK, "got %d\n", status);
+}
+
START_TEST( ndr_marshall )
{
determine_pointer_marshalling_style();
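Review bot: The final `MesHandleFree(handle)` in test_MesEncodeFixedBufferHandleCreate runs even when the preceding create call fails, and `handle` is declared without an initialiser, so a regression there would free an indeterminate handle instead of just reporting a failed ok(). Guard it the way the zero-size case above does: `if (status == RPC_S_OK) { status = MesHandleFree(handle); ok(status == RPC_S_OK, "got %d\n", status); }`. The success case also passes the fabricated address derived from 0xdeadbeef as a live 32-byte buffer, which is safe only while handle creation never touches the buffer. A real 8-byte-aligned local array would make the test independent of that assumption.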
@@ -2425,4 +2461,5 @@ START_TEST( ndr_marshall )
test_ndr_buffer();
test_NdrMapCommAndFaultStatus();
test_NdrGetUserMarshalInfo();
+ test_MesEncodeFixedBufferHandleCreate();
}