diff options
author | Jakub Bogusz | 2022-02-19 06:29:57 (GMT) |
---|---|---|
committer | Jakub Bogusz | 2022-02-19 06:29:57 (GMT) |
commit | 8693ab2485e05bc05e64f9d4c37533c00a5a7faf (patch) | |
tree | e38bc38e7553788cff2a503297d683f8c8f3ce4b | |
parent | 3a9a1b70a2aec02ca82af7482cb428a711c967ca (diff) | |
download | openchange-8693ab2485e05bc05e64f9d4c37533c00a5a7faf.zip openchange-8693ab2485e05bc05e64f9d4c37533c00a5a7faf.tar.gz |
- more samba-4.15 fixes, release 59auto/th/openchange-2.3-59
-rw-r--r-- | openchange.spec | 2 | ||||
-rw-r--r-- | samba-4.15.patch | 85 |
2 files changed, 86 insertions, 1 deletions
diff --git a/openchange.spec b/openchange.spec index 8c3b083..0d5882c 100644 --- a/openchange.spec +++ b/openchange.spec @@ -12,7 +12,7 @@ Summary: OpenChange - portable implementation of MS Exchange Server and Exchange Summary(pl.UTF-8): OpenChange - przenośna implementacja serwera oraz protokołów MS Exchange Name: openchange Version: 2.3 -Release: 58 +Release: 59 License: GPL v3+ Group: Libraries #Source0Download: https://github.com/openchange/openchange/releases diff --git a/samba-4.15.patch b/samba-4.15.patch index 219ff14..5f32581 100644 --- a/samba-4.15.patch +++ b/samba-4.15.patch @@ -39,3 +39,88 @@ } return MAPI_E_SUCCESS; +--- openchange-openchange-2.3-VULCAN/ndr_mapi.c.orig 2022-02-19 07:21:05.221687320 +0100 ++++ openchange-openchange-2.3-VULCAN/ndr_mapi.c 2022-02-19 07:21:12.288315703 +0100 +@@ -1220,6 +1220,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo + uint32_t cntr_rgwClientVersion_0; + uint32_t cntr_rgwServerVersion_0; + uint32_t cntr_rgwBestVersion_0; ++ uint32_t arrsize, arrlen; + TALLOC_CTX *_mem_save_handle_0; + TALLOC_CTX *_mem_save_pcmsPollsMax_0; + TALLOC_CTX *_mem_save_pcRetry_0; +@@ -1239,11 +1240,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo + + NDR_CHECK(ndr_pull_array_size(ndr, &r->in.szUserDN)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->in.szUserDN)); +- if (ndr_get_array_length(ndr, &r->in.szUserDN) > ndr_get_array_size(ndr, &r->in.szUserDN)) { +- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.szUserDN), ndr_get_array_length(ndr, &r->in.szUserDN)); ++ NDR_CHECK(ndr_get_array_length(ndr, &r->in.szUserDN, &arrlen)); ++ NDR_CHECK(ndr_get_array_size(ndr, &r->in.szUserDN, &arrsize)); ++ if (arrlen > arrsize) { ++ return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", arrsize, arrlen); + } +- NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.szUserDN), sizeof(uint8_t))); +- NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.szUserDN, ndr_get_array_length(ndr, &r->in.szUserDN), sizeof(uint8_t), CH_DOS)); ++ NDR_CHECK(ndr_check_string_terminator(ndr, arrlen, sizeof(uint8_t))); ++ NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.szUserDN, arrlen, sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.ulFlags)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.ulConMod)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.cbLimit)); +@@ -1366,11 +1369,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo + NDR_PULL_SET_MEM_CTX(ndr, *r->out.szDNPrefix, 0); + NDR_CHECK(ndr_pull_array_size(ndr, r->out.szDNPrefix)); + NDR_CHECK(ndr_pull_array_length(ndr, r->out.szDNPrefix)); +- if (ndr_get_array_length(ndr, r->out.szDNPrefix) > ndr_get_array_size(ndr, r->out.szDNPrefix)) { +- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.szDNPrefix), ndr_get_array_length(ndr, r->out.szDNPrefix)); ++ NDR_CHECK(ndr_get_array_length(ndr, &r->out.szDNPrefix, &arrlen)); ++ NDR_CHECK(ndr_get_array_size(ndr, &r->out.szDNPrefix, &arrsize)); ++ if (arrlen > arrsize) { ++ return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", arrsize, arrlen); + } +- NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.szDNPrefix), sizeof(uint8_t))); +- NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDNPrefix, ndr_get_array_length(ndr, r->out.szDNPrefix), sizeof(uint8_t), CH_DOS)); ++ NDR_CHECK(ndr_check_string_terminator(ndr, arrlen, sizeof(uint8_t))); ++ NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDNPrefix, arrlen, sizeof(uint8_t), CH_DOS)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDNPrefix_1, 0); + } + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDNPrefix_0, LIBNDR_FLAG_REF_ALLOC); +@@ -1391,11 +1396,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo + NDR_PULL_SET_MEM_CTX(ndr, *r->out.szDisplayName, 0); + NDR_CHECK(ndr_pull_array_size(ndr, r->out.szDisplayName)); + NDR_CHECK(ndr_pull_array_length(ndr, r->out.szDisplayName)); +- if (ndr_get_array_length(ndr, r->out.szDisplayName) > ndr_get_array_size(ndr, r->out.szDisplayName)) { +- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.szDisplayName), ndr_get_array_length(ndr, r->out.szDisplayName)); ++ NDR_CHECK(ndr_get_array_length(ndr, &r->out.szDisplayName, &arrlen)); ++ NDR_CHECK(ndr_get_array_size(ndr, &r->out.szDisplayName, &arrsize)); ++ if (arrlen > arrsize) { ++ return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", arrsize, arrlen); + } +- NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.szDisplayName), sizeof(uint8_t))); +- NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDisplayName, ndr_get_array_length(ndr, r->out.szDisplayName), sizeof(uint8_t), CH_DOS)); ++ NDR_CHECK(ndr_check_string_terminator(ndr, arrlen, sizeof(uint8_t))); ++ NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDisplayName, arrlen, sizeof(uint8_t), CH_DOS)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDisplayName_1, 0); + } + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDisplayName_0, LIBNDR_FLAG_REF_ALLOC); +@@ -1415,14 +1422,16 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pulTimeStamp_0, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_array_size(ndr, &r->out.rgbAuxOut)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->out.rgbAuxOut)); +- if (ndr_get_array_length(ndr, &r->out.rgbAuxOut) > ndr_get_array_size(ndr, &r->out.rgbAuxOut)) { +- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.rgbAuxOut), ndr_get_array_length(ndr, &r->out.rgbAuxOut)); ++ NDR_CHECK(ndr_get_array_length(ndr, &r->out.rgbAuxOut, &arrlen)); ++ NDR_CHECK(ndr_get_array_size(ndr, &r->out.rgbAuxOut, &arrsize)); ++ if (arrlen > arrsize) { ++ return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", arrsize, arrlen); + } + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { +- NDR_PULL_ALLOC_N(ndr, r->out.rgbAuxOut, ndr_get_array_size(ndr, &r->out.rgbAuxOut)); ++ NDR_PULL_ALLOC_N(ndr, r->out.rgbAuxOut, arrsize); + } + /* Only try to pull rgbAuxOut if the fake array size is > 0 */ +- if (ndr_get_array_size(ndr, &r->out.rgbAuxOut)) { ++ if (arrsize) { + _mem_save_rgbAuxOut_1 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.rgbAuxOut, 0); + NDR_CHECK(ndr_pull_mapi2k7_AuxInfo(ndr, NDR_SCALARS, r->out.rgbAuxOut)); |