From 1eaea13ebbd388d9727f879055f6a1357ad8e4ad Mon Sep 17 00:00:00 2001 From: Rob Shearman Date: Thu, 31 Jul 2008 08:19:32 +0100 Subject: [PATCH] rpcrt4: Validate the uuid portion of the string passed to RpcStringBindingParseA/W. --- dlls/rpcrt4/rpc_binding.c | 26 ++++++++++++++++++++++++-- dlls/rpcrt4/tests/rpc.c | 2 -- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/dlls/rpcrt4/rpc_binding.c b/dlls/rpcrt4/rpc_binding.c index e42b8f9d676..a439bc371de 100644 --- a/dlls/rpcrt4/rpc_binding.c +++ b/dlls/rpcrt4/rpc_binding.c @@ -481,7 +481,18 @@ RPC_STATUS WINAPI RpcStringBindingParseA( RPC_CSTR StringBinding, RPC_CSTR *ObjU next = strchr(data, '@'); if (next) { - if (ObjUuid) *ObjUuid = (unsigned char*)RPCRT4_strndupA(data, next - data); + UUID uuid; + RPC_STATUS status; + RPC_CSTR str_uuid = (unsigned char*)RPCRT4_strndupA(data, next - data); + status = UuidFromStringA(str_uuid, &uuid); + if (status != RPC_S_OK) { + HeapFree(GetProcessHeap(), 0, str_uuid); + return status; + } + if (ObjUuid) + *ObjUuid = str_uuid; + else + HeapFree(GetProcessHeap(), 0, str_uuid); data = next+1; } @@ -579,7 +590,18 @@ RPC_STATUS WINAPI RpcStringBindingParseW( RPC_WSTR StringBinding, RPC_WSTR *ObjU next = strchrW(data, '@'); if (next) { - if (ObjUuid) *ObjUuid = RPCRT4_strndupW(data, next - data); + UUID uuid; + RPC_STATUS status; + RPC_WSTR str_uuid = RPCRT4_strndupW(data, next - data); + status = UuidFromStringW(str_uuid, &uuid); + if (status != RPC_S_OK) { + HeapFree(GetProcessHeap(), 0, str_uuid); + return status; + } + if (ObjUuid) + *ObjUuid = str_uuid; + else + HeapFree(GetProcessHeap(), 0, str_uuid); data = next+1; } diff --git a/dlls/rpcrt4/tests/rpc.c b/dlls/rpcrt4/tests/rpc.c index 671159d9107..19a0a944743 100644 --- a/dlls/rpcrt4/tests/rpc.c +++ b/dlls/rpcrt4/tests/rpc.c @@ -611,9 +611,7 @@ static void test_RpcStringBindingParseA(void) /* test with invalid uuid */ status = RpcStringBindingParseA(invalid_uuid_binding, NULL, &protseq, NULL, NULL, NULL); - todo_wine ok(status == RPC_S_INVALID_STRING_UUID, "RpcStringBindingParseA should have returned RPC_S_INVALID_STRING_UUID instead of %ld\n", status); - todo_wine ok(protseq == NULL, "protseq was %p instead of NULL\n", protseq); /* test with invalid endpoint */