You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
104 lines
6.9 KiB
104 lines
6.9 KiB
diff -up openchange-openchange-2.3-VULCAN/libmapi/IProfAdmin.c.samba-4.15 openchange-openchange-2.3-VULCAN/libmapi/IProfAdmin.c
|
|
--- openchange-openchange-2.3-VULCAN/libmapi/IProfAdmin.c.samba-4.15 2021-07-19 12:26:37.615770488 +0200
|
|
+++ openchange-openchange-2.3-VULCAN/libmapi/IProfAdmin.c 2021-07-19 12:26:39.640771957 +0200
|
|
@@ -794,7 +794,7 @@ _PUBLIC_ enum MAPISTATUS LoadProfile(str
|
|
cli_credentials_set_password(profile->credentials, profile->password, CRED_SPECIFIED);
|
|
}
|
|
if (use_krb != CRED_USE_KERBEROS_DESIRED) {
|
|
- cli_credentials_set_kerberos_state(profile->credentials, use_krb);
|
|
+ cli_credentials_set_kerberos_state(profile->credentials, use_krb, CRED_SPECIFIED);
|
|
}
|
|
|
|
return MAPI_E_SUCCESS;
|
|
diff -up openchange-openchange-2.3-VULCAN/ndr_mapi.c.samba-4.15 openchange-openchange-2.3-VULCAN/ndr_mapi.c
|
|
--- openchange-openchange-2.3-VULCAN/ndr_mapi.c.samba-4.15 2021-07-19 12:59:29.801210983 +0200
|
|
+++ openchange-openchange-2.3-VULCAN/ndr_mapi.c 2021-07-19 13:07:49.382594567 +0200
|
|
@@ -1235,15 +1235,18 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
|
|
TALLOC_CTX *_mem_save_rgbAuxOut_1;
|
|
|
|
if (flags & NDR_IN) {
|
|
+ uint32_t array_length = 0, array_size = 0;
|
|
OC_ZERO_STRUCT(r->out);
|
|
|
|
NDR_CHECK(ndr_pull_array_size(ndr, &r->in.szUserDN));
|
|
NDR_CHECK(ndr_pull_array_length(ndr, &r->in.szUserDN));
|
|
- if (ndr_get_array_length(ndr, &r->in.szUserDN) > ndr_get_array_size(ndr, &r->in.szUserDN)) {
|
|
- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.szUserDN), ndr_get_array_length(ndr, &r->in.szUserDN));
|
|
+ NDR_CHECK(ndr_get_array_length(ndr, &r->in.szUserDN, &array_length));
|
|
+ NDR_CHECK(ndr_get_array_size(ndr, &r->in.szUserDN, &array_size));
|
|
+ if (array_length > array_size) {
|
|
+ return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", array_size, array_length);
|
|
}
|
|
- NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.szUserDN), sizeof(uint8_t)));
|
|
- NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.szUserDN, ndr_get_array_length(ndr, &r->in.szUserDN), sizeof(uint8_t), CH_DOS));
|
|
+ NDR_CHECK(ndr_check_string_terminator(ndr, array_length, sizeof(uint8_t)));
|
|
+ NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.szUserDN, array_length, sizeof(uint8_t), CH_DOS));
|
|
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.ulFlags));
|
|
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.ulConMod));
|
|
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.cbLimit));
|
|
@@ -1317,6 +1320,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
|
|
}
|
|
|
|
if (flags & NDR_OUT) {
|
|
+ uint32_t array_length = 0, array_size = 0;
|
|
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
|
|
NDR_PULL_ALLOC(ndr, r->out.handle);
|
|
}
|
|
@@ -1366,11 +1370,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
|
|
NDR_PULL_SET_MEM_CTX(ndr, *r->out.szDNPrefix, 0);
|
|
NDR_CHECK(ndr_pull_array_size(ndr, r->out.szDNPrefix));
|
|
NDR_CHECK(ndr_pull_array_length(ndr, r->out.szDNPrefix));
|
|
- if (ndr_get_array_length(ndr, r->out.szDNPrefix) > ndr_get_array_size(ndr, r->out.szDNPrefix)) {
|
|
- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.szDNPrefix), ndr_get_array_length(ndr, r->out.szDNPrefix));
|
|
+ NDR_CHECK(ndr_get_array_length(ndr, r->out.szDNPrefix, &array_length));
|
|
+ NDR_CHECK(ndr_get_array_size(ndr, r->out.szDNPrefix, &array_size));
|
|
+ if (array_length > array_size) {
|
|
+ return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", array_size, array_length);
|
|
}
|
|
- NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.szDNPrefix), sizeof(uint8_t)));
|
|
- NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDNPrefix, ndr_get_array_length(ndr, r->out.szDNPrefix), sizeof(uint8_t), CH_DOS));
|
|
+ NDR_CHECK(ndr_check_string_terminator(ndr, array_length, sizeof(uint8_t)));
|
|
+ NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDNPrefix, array_length, sizeof(uint8_t), CH_DOS));
|
|
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDNPrefix_1, 0);
|
|
}
|
|
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDNPrefix_0, LIBNDR_FLAG_REF_ALLOC);
|
|
@@ -1391,11 +1397,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
|
|
NDR_PULL_SET_MEM_CTX(ndr, *r->out.szDisplayName, 0);
|
|
NDR_CHECK(ndr_pull_array_size(ndr, r->out.szDisplayName));
|
|
NDR_CHECK(ndr_pull_array_length(ndr, r->out.szDisplayName));
|
|
- if (ndr_get_array_length(ndr, r->out.szDisplayName) > ndr_get_array_size(ndr, r->out.szDisplayName)) {
|
|
- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.szDisplayName), ndr_get_array_length(ndr, r->out.szDisplayName));
|
|
+ NDR_CHECK(ndr_get_array_length(ndr, r->out.szDisplayName, &array_length));
|
|
+ NDR_CHECK(ndr_get_array_size(ndr, r->out.szDisplayName, &array_size));
|
|
+ if (array_length > array_size) {
|
|
+ return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", array_size, array_length);
|
|
}
|
|
- NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.szDisplayName), sizeof(uint8_t)));
|
|
- NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDisplayName, ndr_get_array_length(ndr, r->out.szDisplayName), sizeof(uint8_t), CH_DOS));
|
|
+ NDR_CHECK(ndr_check_string_terminator(ndr, array_length, sizeof(uint8_t)));
|
|
+ NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDisplayName, array_length, sizeof(uint8_t), CH_DOS));
|
|
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDisplayName_1, 0);
|
|
}
|
|
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDisplayName_0, LIBNDR_FLAG_REF_ALLOC);
|
|
@@ -1415,14 +1423,16 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
|
|
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pulTimeStamp_0, LIBNDR_FLAG_REF_ALLOC);
|
|
NDR_CHECK(ndr_pull_array_size(ndr, &r->out.rgbAuxOut));
|
|
NDR_CHECK(ndr_pull_array_length(ndr, &r->out.rgbAuxOut));
|
|
- if (ndr_get_array_length(ndr, &r->out.rgbAuxOut) > ndr_get_array_size(ndr, &r->out.rgbAuxOut)) {
|
|
- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.rgbAuxOut), ndr_get_array_length(ndr, &r->out.rgbAuxOut));
|
|
+ NDR_CHECK(ndr_get_array_length(ndr, &r->out.rgbAuxOut, &array_length));
|
|
+ NDR_CHECK(ndr_get_array_size(ndr, &r->out.rgbAuxOut, &array_size));
|
|
+ if (array_length > array_size) {
|
|
+ return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", array_size, array_length);
|
|
}
|
|
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
|
|
- NDR_PULL_ALLOC_N(ndr, r->out.rgbAuxOut, ndr_get_array_size(ndr, &r->out.rgbAuxOut));
|
|
+ NDR_PULL_ALLOC_N(ndr, r->out.rgbAuxOut, array_size);
|
|
}
|
|
/* Only try to pull rgbAuxOut if the fake array size is > 0 */
|
|
- if (ndr_get_array_size(ndr, &r->out.rgbAuxOut)) {
|
|
+ if (array_size) {
|
|
_mem_save_rgbAuxOut_1 = NDR_PULL_GET_MEM_CTX(ndr);
|
|
NDR_PULL_SET_MEM_CTX(ndr, r->out.rgbAuxOut, 0);
|
|
NDR_CHECK(ndr_pull_mapi2k7_AuxInfo(ndr, NDR_SCALARS, r->out.rgbAuxOut));
|