Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
openslp.14485
openslp.parseoob.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openslp.parseoob.diff of Package openslp.14485
--- ./common/slp_v1message.c.orig 2018-06-29 08:44:14.547016045 +0000 +++ ./common/slp_v1message.c 2018-06-29 08:58:56.816762442 +0000 @@ -145,7 +145,7 @@ static int v1ParseSrvRqst(const SLPBuffe /* Parse the PRList. */ srvrqst->prlistlen = GetUINT16(&buffer->curpos); srvrqst->prlist = GetStrPtr(&buffer->curpos, srvrqst->prlistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; if ((result = SLPv1AsUTF8(encoding, (char *) srvrqst->prlist, &srvrqst->prlistlen)) != 0) @@ -258,6 +258,8 @@ static int v1ParseSrvReg(const SLPBuffer if (!tmp) return SLP_ERROR_PARSE_ERROR; srvreg->srvtypelen = tmp - srvreg->srvtype; + if (buffer->curpos + 2 > buffer->end) + return SLP_ERROR_PARSE_ERROR; /* Parse the <attr-list>, and convert to UTF-8. */ srvreg->attrlistlen = GetUINT16(&buffer->curpos); @@ -339,7 +341,7 @@ static int v1ParseSrvDeReg(const SLPBuff srvdereg->urlentry.urllen = GetUINT16(&buffer->curpos); srvdereg->urlentry.url = GetStrPtr(&buffer->curpos, srvdereg->urlentry.urllen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; if ((result = SLPv1AsUTF8(encoding, (char *)srvdereg->urlentry.url, &srvdereg->urlentry.urllen)) != 0) @@ -423,7 +425,7 @@ static int v1ParseAttrRqst(const SLPBuff attrrqst->prlistlen = GetUINT16(&buffer->curpos); attrrqst->prlist = GetStrPtr(&buffer->curpos, attrrqst->prlistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; if ((result = SLPv1AsUTF8(encoding, (char *)attrrqst->prlist, &attrrqst->prlistlen)) != 0) @@ -432,7 +434,7 @@ static int v1ParseAttrRqst(const SLPBuff /* Parse the URL, and convert to UTF-8. */ attrrqst->urllen = GetUINT16(&buffer->curpos); attrrqst->url = GetStrPtr(&buffer->curpos, attrrqst->urllen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; if ((result = SLPv1AsUTF8(encoding, (char *)attrrqst->url, &attrrqst->urllen)) != 0) @@ -455,6 +457,8 @@ static int v1ParseAttrRqst(const SLPBuff attrrqst->scopelist = "DEFAULT"; attrrqst->scopelistlen = 7; } + if (buffer->curpos + 2 > buffer->end) + return SLP_ERROR_PARSE_ERROR; /* Parse the <select-list>, and convert to UTF-8. */ attrrqst->taglistlen = GetUINT16(&buffer->curpos); @@ -574,7 +578,7 @@ static int v1ParseSrvTypeRqst(const SLPB /* Parse the <Previous Responders Addr Spec>, and convert to UTF-8. */ srvtyperqst->prlistlen = GetUINT16(&buffer->curpos); srvtyperqst->prlist = GetStrPtr(&buffer->curpos, srvtyperqst->prlistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; if ((result = SLPv1AsUTF8(encoding, (char *)srvtyperqst->prlist, &srvtyperqst->prlistlen)) != 0) @@ -594,6 +598,8 @@ static int v1ParseSrvTypeRqst(const SLPB &srvtyperqst->namingauthlen)) != 0) return result; } + if (buffer->curpos + 2 > buffer->end) + return SLP_ERROR_PARSE_ERROR; /* Parse the <Scope String>, and convert to UTF-8. */ srvtyperqst->scopelistlen = GetUINT16(&buffer->curpos); --- ./common/slp_v2message.c.orig 2018-06-29 08:44:19.295003972 +0000 +++ ./common/slp_v2message.c 2018-06-29 08:53:23.189616206 +0000 @@ -127,7 +127,7 @@ static int v2ParseUrlEntry(SLPBuffer buf urlentry->lifetime = GetUINT16(&buffer->curpos); urlentry->urllen = GetUINT16(&buffer->curpos); urlentry->url = GetStrPtr(&buffer->curpos, urlentry->urllen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 1 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse authentication block. */ @@ -186,26 +186,26 @@ static int v2ParseSrvRqst(SLPBuffer buff /* Parse the <PRList> string. */ srvrqst->prlistlen = GetUINT16(&buffer->curpos); srvrqst->prlist = GetStrPtr(&buffer->curpos, srvrqst->prlistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <service-type> string. */ srvrqst->srvtypelen = GetUINT16(&buffer->curpos); srvrqst->srvtype = GetStrPtr(&buffer->curpos, srvrqst->srvtypelen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <scope-list> string. */ srvrqst->scopelistlen = GetUINT16(&buffer->curpos); srvrqst->scopelist = GetStrPtr(&buffer->curpos, srvrqst->scopelistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <predicate> string. */ srvrqst->predicatever = 2; /* SLPv2 predicate (LDAPv3) */ srvrqst->predicatelen = GetUINT16(&buffer->curpos); srvrqst->predicate = GetStrPtr(&buffer->curpos, srvrqst->predicatelen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <SLP SPI> string. */ @@ -303,23 +303,25 @@ static int v2ParseSrvReg(SLPBuffer buffe result = v2ParseUrlEntry(buffer, &srvreg->urlentry); if (result != 0) return result; + if (buffer->curpos + 2 > buffer->end) + return SLP_ERROR_PARSE_ERROR; /* Parse the <service-type> string. */ srvreg->srvtypelen = GetUINT16(&buffer->curpos); srvreg->srvtype = GetStrPtr(&buffer->curpos, srvreg->srvtypelen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <scope-list> string. */ srvreg->scopelistlen = GetUINT16(&buffer->curpos); srvreg->scopelist = GetStrPtr(&buffer->curpos, srvreg->scopelistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <attr-list> string. */ srvreg->attrlistlen = GetUINT16(&buffer->curpos); srvreg->attrlist = GetStrPtr(&buffer->curpos, srvreg->attrlistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 1 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse AttrAuth block list (if present). */ @@ -379,6 +381,8 @@ static int v2ParseSrvDeReg(SLPBuffer buf result = v2ParseUrlEntry(buffer, &srvdereg->urlentry); if (result) return result; + if (buffer->curpos + 2 > buffer->end) + return SLP_ERROR_PARSE_ERROR; /* Parse the <tag-list>. */ srvdereg->taglistlen = GetUINT16(&buffer->curpos); @@ -395,7 +399,7 @@ static int v2ParseSrvDeReg(SLPBuffer buf * @param[out] srvack - The server ACK object into which * @p buffer should be parsed. * - * @return Zero (success) always. + * @return Zero on success, or a non-zero error code. * * @internal */ @@ -407,6 +411,8 @@ static int v2ParseSrvAck(SLPBuffer buffe | Error Code | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ + if (buffer->curpos + 2 > buffer->end) + return SLP_ERROR_PARSE_ERROR; /* Parse the Error Code. */ srvack->errorcode = GetUINT16(&buffer->curpos); @@ -446,25 +452,25 @@ static int v2ParseAttrRqst(SLPBuffer buf /* Parse the <PRList> string. */ attrrqst->prlistlen = GetUINT16(&buffer->curpos); attrrqst->prlist = GetStrPtr(&buffer->curpos, attrrqst->prlistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the URL. */ attrrqst->urllen = GetUINT16(&buffer->curpos); attrrqst->url = GetStrPtr(&buffer->curpos, attrrqst->urllen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <scope-list> string. */ attrrqst->scopelistlen = GetUINT16(&buffer->curpos); attrrqst->scopelist = GetStrPtr(&buffer->curpos, attrrqst->scopelistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <tag-list> string. */ attrrqst->taglistlen = GetUINT16(&buffer->curpos); attrrqst->taglist = GetStrPtr(&buffer->curpos, attrrqst->taglistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <SLP SPI> string. */ @@ -516,7 +522,7 @@ static int v2ParseAttrRply(SLPBuffer buf /* Parse the <attr-list>. */ attrrply->attrlistlen = GetUINT16(&buffer->curpos); attrrply->attrlist = GetStrPtr(&buffer->curpos, attrrply->attrlistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 1 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the Attribute Authentication Block list (if present). */ @@ -590,25 +596,25 @@ static int v2ParseDAAdvert(SLPBuffer buf /* Parse out the URL. */ daadvert->urllen = GetUINT16(&buffer->curpos); daadvert->url = GetStrPtr(&buffer->curpos, daadvert->urllen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <scope-list>. */ daadvert->scopelistlen = GetUINT16(&buffer->curpos); daadvert->scopelist = GetStrPtr(&buffer->curpos, daadvert->scopelistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <attr-list>. */ daadvert->attrlistlen = GetUINT16(&buffer->curpos); daadvert->attrlist = GetStrPtr(&buffer->curpos, daadvert->attrlistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <SLP SPI List> String. */ daadvert->spilistlen = GetUINT16(&buffer->curpos); daadvert->spilist = GetStrPtr(&buffer->curpos, daadvert->spilistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 1 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the authentication block list (if any). */ @@ -663,7 +669,7 @@ static int v2ParseSrvTypeRqst(SLPBuffer /* Parse the PRList. */ srvtyperqst->prlistlen = GetUINT16(&buffer->curpos); srvtyperqst->prlist = GetStrPtr(&buffer->curpos, srvtyperqst->prlistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the Naming Authority. */ @@ -674,7 +680,7 @@ static int v2ParseSrvTypeRqst(SLPBuffer else srvtyperqst->namingauth = GetStrPtr(&buffer->curpos, srvtyperqst->namingauthlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <scope-list>. */ @@ -763,19 +769,19 @@ static int v2ParseSAAdvert(SLPBuffer buf /* Parse out the URL. */ saadvert->urllen = GetUINT16(&buffer->curpos); saadvert->url = GetStrPtr(&buffer->curpos, saadvert->urllen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <scope-list>. */ saadvert->scopelistlen = GetUINT16(&buffer->curpos); saadvert->scopelist = GetStrPtr(&buffer->curpos, saadvert->scopelistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 2 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the <attr-list>. */ saadvert->attrlistlen = GetUINT16(&buffer->curpos); saadvert->attrlist = GetStrPtr(&buffer->curpos, saadvert->attrlistlen); - if (buffer->curpos > buffer->end) + if (buffer->curpos + 1 > buffer->end) return SLP_ERROR_PARSE_ERROR; /* Parse the authentication block list (if any). */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor