rpcrt4: Raise an exception during unmarshaling if a conformant string isn't null-terminated.

Robert Shearman 2006-06-10 12:32:01 +01:00 committed by Alexandre Julliard
parent 6e95bfe85a
commit cec6092aa2
1 changed files with 17 additions and 1 deletions

@ -667,7 +667,7 @@ unsigned long WINAPI NdrConformantStringMemorySize( PMIDL_STUB_MESSAGE pStubMsg,
unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg, unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg,
unsigned char** ppMemory, PFORMAT_STRING pFormat, unsigned char fMustAlloc ) unsigned char** ppMemory, PFORMAT_STRING pFormat, unsigned char fMustAlloc )
{ {
unsigned long size, esize; ULONG size, esize, i;
TRACE("(pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u)\n", TRACE("(pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u)\n",
pStubMsg, *ppMemory, pFormat, fMustAlloc); pStubMsg, *ppMemory, pFormat, fMustAlloc);
@ -687,6 +687,22 @@ unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg
size = safe_multiply(esize, pStubMsg->ActualCount); size = safe_multiply(esize, pStubMsg->ActualCount);
/* strings must always have null terminating bytes */
if (size < esize)
{
ERR("invalid string length of %ld\n", pStubMsg->ActualCount);
RpcRaiseException(RPC_S_INVALID_BOUND);
return NULL;
}
for (i = size - esize; i < size; i++)
if (pStubMsg->Buffer[i] != 0)
{
ERR("string not null-terminated at byte position %ld, data is 0x%x\n",
i, pStubMsg->Buffer[i]);
RpcRaiseException(RPC_S_INVALID_BOUND);
return NULL;
}
if (fMustAlloc || !*ppMemory) if (fMustAlloc || !*ppMemory)
*ppMemory = NdrAllocate(pStubMsg, size); *ppMemory = NdrAllocate(pStubMsg, size);
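Review bot: The terminator loop at `for (i = size - esize; i < size; i++)` indexes `pStubMsg->Buffer` with a size derived from `ActualCount`, and nothing in the visible lines checks that `size` bytes actually remain in the received message. Where ActualCount is set is outside the hunk, but if it is taken from the wire, an oversized count makes this loop, and presumably the copy that follows the allocation, read past the end of the buffer. A guard before the loop would close that, for example `if (size > (ULONG)(pStubMsg->BufferEnd - pStubMsg->Buffer)) RpcRaiseException(RPC_X_BAD_STUB_DATA);`, assuming BufferEnd is kept up to date on this path. Separately, the second ERR prints `i`, declared ULONG, with `%ld`; `%lu` matches the unsigned type. The function body starts before and continues after these hunks.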