rpcrt4: Validate the uuid portion of the string passed to RpcStringBindingParseA/W.

This commit is contained in:
Rob Shearman 2008-07-31 08:19:32 +01:00 committed by Alexandre Julliard
parent 68e6be45e1
commit 1eaea13ebb
2 changed files with 24 additions and 4 deletions

View File

@ -481,7 +481,18 @@ RPC_STATUS WINAPI RpcStringBindingParseA( RPC_CSTR StringBinding, RPC_CSTR *ObjU
next = strchr(data, '@'); next = strchr(data, '@');
if (next) { if (next) {
if (ObjUuid) *ObjUuid = (unsigned char*)RPCRT4_strndupA(data, next - data); UUID uuid;
RPC_STATUS status;
RPC_CSTR str_uuid = (unsigned char*)RPCRT4_strndupA(data, next - data);
status = UuidFromStringA(str_uuid, &uuid);
if (status != RPC_S_OK) {
HeapFree(GetProcessHeap(), 0, str_uuid);
return status;
}
if (ObjUuid)
*ObjUuid = str_uuid;
else
HeapFree(GetProcessHeap(), 0, str_uuid);
data = next+1; data = next+1;
} }
@ -579,7 +590,18 @@ RPC_STATUS WINAPI RpcStringBindingParseW( RPC_WSTR StringBinding, RPC_WSTR *ObjU
next = strchrW(data, '@'); next = strchrW(data, '@');
if (next) { if (next) {
if (ObjUuid) *ObjUuid = RPCRT4_strndupW(data, next - data); UUID uuid;
RPC_STATUS status;
RPC_WSTR str_uuid = RPCRT4_strndupW(data, next - data);
status = UuidFromStringW(str_uuid, &uuid);
if (status != RPC_S_OK) {
HeapFree(GetProcessHeap(), 0, str_uuid);
return status;
}
if (ObjUuid)
*ObjUuid = str_uuid;
else
HeapFree(GetProcessHeap(), 0, str_uuid);
data = next+1; data = next+1;
} }

View File

@ -611,9 +611,7 @@ static void test_RpcStringBindingParseA(void)
/* test with invalid uuid */ /* test with invalid uuid */
status = RpcStringBindingParseA(invalid_uuid_binding, NULL, &protseq, NULL, NULL, NULL); status = RpcStringBindingParseA(invalid_uuid_binding, NULL, &protseq, NULL, NULL, NULL);
todo_wine
ok(status == RPC_S_INVALID_STRING_UUID, "RpcStringBindingParseA should have returned RPC_S_INVALID_STRING_UUID instead of %ld\n", status); ok(status == RPC_S_INVALID_STRING_UUID, "RpcStringBindingParseA should have returned RPC_S_INVALID_STRING_UUID instead of %ld\n", status);
todo_wine
ok(protseq == NULL, "protseq was %p instead of NULL\n", protseq); ok(protseq == NULL, "protseq was %p instead of NULL\n", protseq);
/* test with invalid endpoint */ /* test with invalid endpoint */