ReactOS 0.4.15-dev-6068-g8061a6f
rpcb_prot.c
Go to the documentation of this file.
1
2/*
3 * Copyright (c) 2009, Sun Microsystems, Inc.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 * - Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * - Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * - Neither the name of Sun Microsystems, Inc. nor the names of its
14 * contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
18 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
21 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 */
29/*
30 * Copyright (c) 1986-1991 by Sun Microsystems Inc.
31 */
32
33/*
34 * rpcb_prot.c
35 * XDR routines for the rpcbinder version 3.
36 *
37 * Copyright (C) 1984, 1988, Sun Microsystems, Inc.
38 */
39
40#include <wintirpc.h>
41#include <rpc/rpc.h>
42#include <rpc/types.h>
43#include <rpc/xdr.h>
44#include <rpc/rpcb_prot.h>
45#ifdef __REACTOS__ // CVE-2017-8779
46#include "rpc_com.h"
47#endif
48
50xdr_rpcb(xdrs, objp)
51 XDR *xdrs;
52 RPCB *objp;
53{
54 if (!xdr_u_int32_t(xdrs, &objp->r_prog)) {
55 return (FALSE);
56 }
57 if (!xdr_u_int32_t(xdrs, &objp->r_vers)) {
58 return (FALSE);
59 }
60#ifndef __REACTOS__ // CVE-2017-8779
61 if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) {
62 return (FALSE);
63 }
64 if (!xdr_string(xdrs, &objp->r_addr, (u_int)~0)) {
65 return (FALSE);
66 }
67 if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) {
68 return (FALSE);
69 }
70#else
71 if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) {
72 return (FALSE);
73 }
74 if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) {
75 return (FALSE);
76 }
77 if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) {
78 return (FALSE);
79 }
80#endif
81 return (TRUE);
82}
83
84/*
85 * rpcblist_ptr implements a linked list. The RPCL definition from
86 * rpcb_prot.x is:
87 *
88 * struct rpcblist {
89 * rpcb rpcb_map;
90 * struct rpcblist *rpcb_next;
91 * };
92 * typedef rpcblist *rpcblist_ptr;
93 *
94 * Recall that "pointers" in XDR are encoded as a boolean, indicating whether
95 * there's any data behind the pointer, followed by the data (if any exists).
96 * The boolean can be interpreted as ``more data follows me''; if FALSE then
97 * nothing follows the boolean; if TRUE then the boolean is followed by an
98 * actual struct rpcb, and another rpcblist_ptr (declared in RPCL as "struct
99 * rpcblist *").
100 *
101 * This could be implemented via the xdr_pointer type, though this would
102 * result in one recursive call per element in the list. Rather than do that
103 * we can ``unwind'' the recursion into a while loop and use xdr_reference to
104 * serialize the rpcb elements.
105 */
106
107bool_t
109 XDR *xdrs;
110 rpcblist_ptr *rp;
111{
112 /*
113 * more_elements is pre-computed in case the direction is
114 * XDR_ENCODE or XDR_FREE. more_elements is overwritten by
115 * xdr_bool when the direction is XDR_DECODE.
116 */
117 bool_t more_elements;
118 int freeing = (xdrs->x_op == XDR_FREE);
120 rpcblist_ptr next_copy;
121
122 next = NULL;
123 for (;;) {
124 more_elements = (bool_t)(*rp != NULL);
125 if (! xdr_bool(xdrs, &more_elements)) {
126 return (FALSE);
127 }
128 if (! more_elements) {
129 return (TRUE); /* we are done */
130 }
131 /*
132 * the unfortunate side effect of non-recursion is that in
133 * the case of freeing we must remember the next object
134 * before we free the current object ...
135 */
136 if (freeing)
137 next = (*rp)->rpcb_next;
138 if (! xdr_reference(xdrs, (caddr_t *)rp,
139 (u_int)sizeof (rpcblist), (xdrproc_t)xdr_rpcb)) {
140 return (FALSE);
141 }
142 if (freeing) {
143 next_copy = next;
144 rp = &next_copy;
145 /*
146 * Note that in the subsequent iteration, next_copy
147 * gets nulled out by the xdr_reference
148 * but next itself survives.
149 */
150 } else {
151 rp = &((*rp)->rpcb_next);
152 }
153 }
154 /*NOTREACHED*/
155}
156
157/*
158 * xdr_rpcblist() is specified to take a RPCBLIST **, but is identical in
159 * functionality to xdr_rpcblist_ptr().
160 */
161bool_t
163 XDR *xdrs;
164 RPCBLIST **rp;
165{
167
168 dummy = xdr_rpcblist_ptr(xdrs, (rpcblist_ptr *)rp);
169 return (dummy);
170}
171
172
173bool_t
174xdr_rpcb_entry(xdrs, objp)
175 XDR *xdrs;
176 rpcb_entry *objp;
177{
178#ifndef __REACTOS__ // CVE-2017-8779
179 if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) {
180 return (FALSE);
181 }
182 if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) {
183 return (FALSE);
184 }
185#else
186 if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) {
187 return (FALSE);
188 }
189 if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) {
190 return (FALSE);
191 }
192#endif
193 if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) {
194 return (FALSE);
195 }
196#ifndef __REACTOS__ // CVE-2017-8779
197 if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) {
198 return (FALSE);
199 }
200 if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) {
201 return (FALSE);
202 }
203#else
204 if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) {
205 return (FALSE);
206 }
207 if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) {
208 return (FALSE);
209 }
210#endif
211 return (TRUE);
212}
213
214bool_t
216 XDR *xdrs;
218{
219 /*
220 * more_elements is pre-computed in case the direction is
221 * XDR_ENCODE or XDR_FREE. more_elements is overwritten by
222 * xdr_bool when the direction is XDR_DECODE.
223 */
224 bool_t more_elements;
225 int freeing = (xdrs->x_op == XDR_FREE);
227 rpcb_entry_list_ptr next_copy;
228
229 next = NULL;
230 for (;;) {
231 more_elements = (bool_t)(*rp != NULL);
232 if (! xdr_bool(xdrs, &more_elements)) {
233 return (FALSE);
234 }
235 if (! more_elements) {
236 return (TRUE); /* we are done */
237 }
238 /*
239 * the unfortunate side effect of non-recursion is that in
240 * the case of freeing we must remember the next object
241 * before we free the current object ...
242 */
243 if (freeing)
244 next = (*rp)->rpcb_entry_next;
245 if (! xdr_reference(xdrs, (caddr_t *)rp,
246 (u_int)sizeof (rpcb_entry_list),
248 return (FALSE);
249 }
250 if (freeing) {
251 next_copy = next;
252 rp = &next_copy;
253 /*
254 * Note that in the subsequent iteration, next_copy
255 * gets nulled out by the xdr_reference
256 * but next itself survives.
257 */
258 } else {
259 rp = &((*rp)->rpcb_entry_next);
260 }
261 }
262 /*NOTREACHED*/
263}
264
265/*
266 * XDR remote call arguments
267 * written for XDR_ENCODE direction only
268 */
269bool_t
271 XDR *xdrs;
272 struct rpcb_rmtcallargs *p;
273{
274 struct r_rpcb_rmtcallargs *objp =
275 (struct r_rpcb_rmtcallargs *)(void *)p;
276 u_int lenposition, argposition, position;
277 int32_t *buf;
278
279 buf = XDR_INLINE(xdrs, 3 * BYTES_PER_XDR_UNIT);
280 if (buf == NULL) {
281 if (!xdr_u_int32_t(xdrs, &objp->prog)) {
282 return (FALSE);
283 }
284 if (!xdr_u_int32_t(xdrs, &objp->vers)) {
285 return (FALSE);
286 }
287 if (!xdr_u_int32_t(xdrs, &objp->proc)) {
288 return (FALSE);
289 }
290 } else {
291 IXDR_PUT_U_INT32(buf, objp->prog);
292 IXDR_PUT_U_INT32(buf, objp->vers);
293 IXDR_PUT_U_INT32(buf, objp->proc);
294 }
295
296 /*
297 * All the jugglery for just getting the size of the arguments
298 */
299 lenposition = XDR_GETPOS(xdrs);
300 if (! xdr_u_int(xdrs, &(objp->args.args_len))) {
301 return (FALSE);
302 }
303 argposition = XDR_GETPOS(xdrs);
304 if (! (*objp->xdr_args)(xdrs, objp->args.args_val)) {
305 return (FALSE);
306 }
307 position = XDR_GETPOS(xdrs);
308 objp->args.args_len = (u_int)((u_long)position - (u_long)argposition);
309 XDR_SETPOS(xdrs, lenposition);
310 if (! xdr_u_int(xdrs, &(objp->args.args_len))) {
311 return (FALSE);
312 }
313 XDR_SETPOS(xdrs, position);
314 return (TRUE);
315}
316
317/*
318 * XDR remote call results
319 * written for XDR_DECODE direction only
320 */
321bool_t
323 XDR *xdrs;
324 struct rpcb_rmtcallres *p;
325{
327 struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p;
328
329#ifdef __REACTOS__ // CVE-2017-8779
330 if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) {
331#else
332 if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) {
333#endif
334 return (FALSE);
335 }
336 if (!xdr_u_int(xdrs, &objp->results.results_len)) {
337 return (FALSE);
338 }
339 dummy = (*(objp->xdr_res))(xdrs, objp->results.results_val);
340 return (dummy);
341}
342
343bool_t
344xdr_netbuf(xdrs, objp)
345 XDR *xdrs;
346 struct netbuf *objp;
347{
349
350 if (!xdr_u_int32_t(xdrs, (u_int32_t *) &objp->maxlen)) {
351 return (FALSE);
352 }
353#ifdef __REACTOS__ // CVE-2017-8779
354
355 if (objp->maxlen > RPC_MAXDATASIZE) {
356 return (FALSE);
357 }
358
359#endif
360 dummy = xdr_bytes(xdrs, (char **)&(objp->buf),
361 (u_int *)&(objp->len), objp->maxlen);
362 return (dummy);
363}
bool_t xdr_u_int(XDR *xdrs, u_int *up)
Definition: xdr.c:133
bool_t xdr_string(XDR *xdrs, char **cpp, u_int maxsize)
Definition: xdr.c:678
bool_t xdr_bool(XDR *xdrs, bool_t *bp)
Definition: xdr.c:428
bool_t xdr_u_int32_t(XDR *xdrs, u_int32_t *u_int32_p)
Definition: xdr.c:239
bool_t xdr_bytes(XDR *xdrs, char **cpp, u_int *sizep, u_int maxsize)
Definition: xdr.c:536
UINT32 u_int
Definition: types.h:82
#define NULL
Definition: types.h:112
int32_t bool_t
Definition: types.h:101
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
INT32 int32_t
Definition: types.h:71
unsigned long u_long
Definition: linux.h:269
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
GLfloat GLfloat p
Definition: glext.h:8902
static unsigned __int64 next
Definition: rand_nt.c:6
unsigned int u_int32_t
Definition: rosdhcp.h:35
char * caddr_t
Definition: rosdhcp.h:36
bool_t xdr_netbuf(XDR *xdrs, struct netbuf *objp)
Definition: rpcb_prot.c:344
bool_t xdr_rpcb_rmtcallres(XDR *xdrs, struct rpcb_rmtcallres *p)
Definition: rpcb_prot.c:322
bool_t xdr_rpcblist_ptr(XDR *xdrs, rpcblist_ptr *rp)
Definition: rpcb_prot.c:108
bool_t xdr_rpcblist(XDR *xdrs, RPCBLIST **rp)
Definition: rpcb_prot.c:162
bool_t xdr_rpcb(XDR *xdrs, RPCB *objp)
Definition: rpcb_prot.c:50
bool_t xdr_rpcb_rmtcallargs(XDR *xdrs, struct rpcb_rmtcallargs *p)
Definition: rpcb_prot.c:270
bool_t xdr_rpcb_entry()
bool_t xdr_rpcb_entry_list_ptr()
#define IXDR_PUT_U_INT32(buf, v)
Definition: rpcb_prot.h:21
#define RPC_MAXDATASIZE
Definition: rpc_com.h:51
Definition: xdr.h:103
enum xdr_op x_op
Definition: xdr.h:104
Definition: types.h:144
xdrproc_t xdr_args
Definition: rpcb_prot.h:260
rpcprog_t prog
Definition: rpcb_prot.h:253
struct r_rpcb_rmtcallargs::@198 args
rpcvers_t vers
Definition: rpcb_prot.h:254
rpcproc_t proc
Definition: rpcb_prot.h:255
struct r_rpcb_rmtcallres::@200 results
xdrproc_t xdr_res
Definition: rpcb_prot.h:295
Definition: rpcb_prot.h:326
Definition: rpcb_prot.h:305
char * r_netid
Definition: rpcb_prot.h:143
rpcvers_t r_vers
Definition: rpcb_prot.h:142
char * r_owner
Definition: rpcb_prot.h:145
rpcprog_t r_prog
Definition: rpcb_prot.h:141
char * r_addr
Definition: rpcb_prot.h:144
#define XDR_INLINE(xdrs, len)
Definition: xdr.h:209
@ XDR_FREE
Definition: xdr.h:87
#define XDR_SETPOS(xdrs, pos)
Definition: xdr.h:204
bool_t(* xdrproc_t)(XDR *,...)
Definition: xdr.h:144
#define XDR_GETPOS(xdrs)
Definition: xdr.h:199
#define BYTES_PER_XDR_UNIT
Definition: xdr.h:93
bool_t xdr_reference(XDR *xdrs, caddr_t *pp, u_int size, xdrproc_t proc)
Definition: xdr_reference.c:62