- more samba-4.15 fixes, release 59auto/th/openchange-2.3-59

author: Jakub Bogusz 2022-02-19 06:29:57 (GMT)
committer: Jakub Bogusz 2022-02-19 06:29:57 (GMT)
commit: 8693ab2485e05bc05e64f9d4c37533c00a5a7faf (patch)
tree: e38bc38e7553788cff2a503297d683f8c8f3ce4b
parent: 3a9a1b70a2aec02ca82af7482cb428a711c967ca (diff)
download: openchange-8693ab2485e05bc05e64f9d4c37533c00a5a7faf.zip
openchange-8693ab2485e05bc05e64f9d4c37533c00a5a7faf.tar.gz
2 files changed, 86 insertions, 1 deletions
diff --git a/openchange.spec b/openchange.spec
index 8c3b083..0d5882c 100644
--- a/openchange.spec
+++ b/openchange.spec
@@ -12,7 +12,7 @@ Summary:	OpenChange - portable implementation of MS Exchange Server and Exchange
 Summary(pl.UTF-8):	OpenChange - przenośna implementacja serwera oraz protokołów MS Exchange
 Name:		openchange
 Version:	2.3
-Release:	58
+Release:	59
 License:	GPL v3+
 Group:		Libraries
 #Source0Download: https://github.com/openchange/openchange/releases
diff --git a/samba-4.15.patch b/samba-4.15.patch
index 219ff14..5f32581 100644
--- a/samba-4.15.patch
+++ b/samba-4.15.patch
@@ -39,3 +39,88 @@
  	}
  
  	return MAPI_E_SUCCESS;
+--- openchange-openchange-2.3-VULCAN/ndr_mapi.c.orig	2022-02-19 07:21:05.221687320 +0100
++++ openchange-openchange-2.3-VULCAN/ndr_mapi.c	2022-02-19 07:21:12.288315703 +0100
+@@ -1220,6 +1220,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
+ 	uint32_t	cntr_rgwClientVersion_0;
+ 	uint32_t	cntr_rgwServerVersion_0;
+ 	uint32_t	cntr_rgwBestVersion_0;
++	uint32_t        arrsize, arrlen;
+ 	TALLOC_CTX	*_mem_save_handle_0;
+ 	TALLOC_CTX	*_mem_save_pcmsPollsMax_0;
+ 	TALLOC_CTX	*_mem_save_pcRetry_0;
+@@ -1239,11 +1240,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
+ 
+ 		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.szUserDN));
+ 		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.szUserDN));
+-		if (ndr_get_array_length(ndr, &r->in.szUserDN) > ndr_get_array_size(ndr, &r->in.szUserDN)) {
+-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.szUserDN), ndr_get_array_length(ndr, &r->in.szUserDN));
++		NDR_CHECK(ndr_get_array_length(ndr, &r->in.szUserDN, &arrlen));
++		NDR_CHECK(ndr_get_array_size(ndr, &r->in.szUserDN, &arrsize));
++		if (arrlen > arrsize) {
++			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", arrsize, arrlen);
+ 		}
+-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.szUserDN), sizeof(uint8_t)));
+-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.szUserDN, ndr_get_array_length(ndr, &r->in.szUserDN), sizeof(uint8_t), CH_DOS));
++		NDR_CHECK(ndr_check_string_terminator(ndr, arrlen, sizeof(uint8_t)));
++		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.szUserDN, arrlen, sizeof(uint8_t), CH_DOS));
+ 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.ulFlags));
+ 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.ulConMod));
+ 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.cbLimit));
+@@ -1366,11 +1369,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
+ 			NDR_PULL_SET_MEM_CTX(ndr, *r->out.szDNPrefix, 0);
+ 			NDR_CHECK(ndr_pull_array_size(ndr, r->out.szDNPrefix));
+ 			NDR_CHECK(ndr_pull_array_length(ndr, r->out.szDNPrefix));
+-			if (ndr_get_array_length(ndr, r->out.szDNPrefix) > ndr_get_array_size(ndr, r->out.szDNPrefix)) {
+-				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.szDNPrefix), ndr_get_array_length(ndr, r->out.szDNPrefix));
++			NDR_CHECK(ndr_get_array_length(ndr, &r->out.szDNPrefix, &arrlen));
++			NDR_CHECK(ndr_get_array_size(ndr, &r->out.szDNPrefix, &arrsize));
++			if (arrlen > arrsize) {
++				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", arrsize, arrlen);
+ 			}
+-			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.szDNPrefix), sizeof(uint8_t)));
+-			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDNPrefix, ndr_get_array_length(ndr, r->out.szDNPrefix), sizeof(uint8_t), CH_DOS));
++			NDR_CHECK(ndr_check_string_terminator(ndr, arrlen, sizeof(uint8_t)));
++			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDNPrefix, arrlen, sizeof(uint8_t), CH_DOS));
+ 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDNPrefix_1, 0);
+ 		}
+ 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDNPrefix_0, LIBNDR_FLAG_REF_ALLOC);
+@@ -1391,11 +1396,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
+ 			NDR_PULL_SET_MEM_CTX(ndr, *r->out.szDisplayName, 0);
+ 			NDR_CHECK(ndr_pull_array_size(ndr, r->out.szDisplayName));
+ 			NDR_CHECK(ndr_pull_array_length(ndr, r->out.szDisplayName));
+-			if (ndr_get_array_length(ndr, r->out.szDisplayName) > ndr_get_array_size(ndr, r->out.szDisplayName)) {
+-				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.szDisplayName), ndr_get_array_length(ndr, r->out.szDisplayName));
++			NDR_CHECK(ndr_get_array_length(ndr, &r->out.szDisplayName, &arrlen));
++			NDR_CHECK(ndr_get_array_size(ndr, &r->out.szDisplayName, &arrsize));
++			if (arrlen > arrsize) {
++				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", arrsize, arrlen);
+ 			}
+-			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.szDisplayName), sizeof(uint8_t)));
+-			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDisplayName, ndr_get_array_length(ndr, r->out.szDisplayName), sizeof(uint8_t), CH_DOS));
++			NDR_CHECK(ndr_check_string_terminator(ndr, arrlen, sizeof(uint8_t)));
++			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.szDisplayName, arrlen, sizeof(uint8_t), CH_DOS));
+ 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDisplayName_1, 0);
+ 		}
+ 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_szDisplayName_0, LIBNDR_FLAG_REF_ALLOC);
+@@ -1415,14 +1422,16 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EcDo
+ 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pulTimeStamp_0, LIBNDR_FLAG_REF_ALLOC);
+ 		NDR_CHECK(ndr_pull_array_size(ndr, &r->out.rgbAuxOut));
+ 		NDR_CHECK(ndr_pull_array_length(ndr, &r->out.rgbAuxOut));
+-		if (ndr_get_array_length(ndr, &r->out.rgbAuxOut) > ndr_get_array_size(ndr, &r->out.rgbAuxOut)) {
+-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.rgbAuxOut), ndr_get_array_length(ndr, &r->out.rgbAuxOut));
++		NDR_CHECK(ndr_get_array_length(ndr, &r->out.rgbAuxOut, &arrlen));
++		NDR_CHECK(ndr_get_array_size(ndr, &r->out.rgbAuxOut, &arrsize));
++		if (arrlen > arrsize) {
++			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", arrsize, arrlen);
+ 		}
+ 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+-			NDR_PULL_ALLOC_N(ndr, r->out.rgbAuxOut, ndr_get_array_size(ndr, &r->out.rgbAuxOut));
++			NDR_PULL_ALLOC_N(ndr, r->out.rgbAuxOut, arrsize);
+ 		}
+ 		/* Only try to pull rgbAuxOut if the fake array size is > 0 */
+-		if (ndr_get_array_size(ndr, &r->out.rgbAuxOut)) {
++		if (arrsize) {
+ 			_mem_save_rgbAuxOut_1 = NDR_PULL_GET_MEM_CTX(ndr);
+ 			NDR_PULL_SET_MEM_CTX(ndr, r->out.rgbAuxOut, 0);
+ 			NDR_CHECK(ndr_pull_mapi2k7_AuxInfo(ndr, NDR_SCALARS, r->out.rgbAuxOut));
author	Jakub Bogusz	2022-02-19 06:29:57 (GMT)
committer	Jakub Bogusz	2022-02-19 06:29:57 (GMT)
commit	8693ab2485e05bc05e64f9d4c37533c00a5a7faf (patch)
tree	e38bc38e7553788cff2a503297d683f8c8f3ce4b
parent	3a9a1b70a2aec02ca82af7482cb428a711c967ca (diff)
download	openchange-8693ab2485e05bc05e64f9d4c37533c00a5a7faf.zip openchange-8693ab2485e05bc05e64f9d4c37533c00a5a7faf.tar.gz