ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

rpcrt4: Check that strings are null-terminated on unmarshaling of conformant-varying structs.

This commit is contained in:
Robert Shearman 2006-06-10 12:32:35 +01:00 committed by Alexandre Julliard
parent a946eb420b
commit 613ee6d01c
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
dlls/rpcrt4/ndr_marshall.c
View File

@ -3202,6 +3202,28 @@ unsigned char * WINAPI NdrConformantVaryingStructUnmarshall(PMIDL_STUB_MESSAGE
pCVArrayFormat = ReadVariance(pStubMsg, pCVArrayFormat); pCVArrayFormat = ReadVariance(pStubMsg, pCVArrayFormat);
bufsize = safe_multiply(esize, pStubMsg->ActualCount); bufsize = safe_multiply(esize, pStubMsg->ActualCount);
if ((cvarray_type == RPC_FC_C_CSTRING) ||
(cvarray_type == RPC_FC_C_WSTRING))
{
ULONG i;
/* strings must always have null terminating bytes */
if (bufsize < esize)
{
ERR("invalid string length of %ld\n", pStubMsg->ActualCount);
RpcRaiseException(RPC_S_INVALID_BOUND);
return NULL;
}
for (i = bufsize - esize; i < bufsize; i++)
if (pStubMsg->Buffer[i] != 0)
{
ERR("string not null-terminated at byte position %ld, data is 0x%x\n",
i, pStubMsg->Buffer[i]);
RpcRaiseException(RPC_S_INVALID_BOUND);
return NULL;
}
}
/* copy the array data */ /* copy the array data */
memcpy(*ppMemory + pCVStructFormat->memory_size, pStubMsg->Buffer, memcpy(*ppMemory + pCVStructFormat->memory_size, pStubMsg->Buffer,
bufsize); bufsize);