Module: wine Branch: master Commit: 689a49b52ac462b9988429cd89423faa10b1c33b URL: http://source.winehq.org/git/wine.git/?a=commit;h=689a49b52ac462b9988429cd89...
Author: Rob Shearman robertshearman@gmail.com Date: Tue Mar 10 23:41:39 2009 +0000
rpcrt4: Add a check for a NULL ref pointer to NdrPointerUnmarshall.
---
dlls/rpcrt4/ndr_marshall.c | 24 +++++++++++++++++------- 1 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index 05eb638..b29186c 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -1500,18 +1500,28 @@ unsigned char * WINAPI NdrPointerUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
TRACE("(%p,%p,%p,%d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);
- /* Increment the buffer here instead of in PointerUnmarshall,
- * as that is used by embedded pointers which already handle the incrementing
- * the buffer, and shouldn't read any additional pointer data from the
- * buffer */
- if (*pFormat != RPC_FC_RP)
+ if (*pFormat == RPC_FC_RP)
 {
- ALIGN_POINTER(pStubMsg->Buffer, 4);
 Buffer = pStubMsg->Buffer;
- safe_buffer_increment(pStubMsg, 4);
+ /* Do the NULL ref pointer check here because embedded pointers can be
+ * NULL if the type the pointer is embedded in was allocated rather than
+ * being passed in by the client */
+ if (pStubMsg->IsClient && !*ppMemory)
+ {
+ ERR("NULL ref pointer is not allowed\n");
+ RpcRaiseException(RPC_X_NULL_REF_POINTER);
+ }
 }
 else
+ {
+ /* Increment the buffer here instead of in PointerUnmarshall,
+ * as that is used by embedded pointers which already handle the incrementing
+ * the buffer, and shouldn't read any additional pointer data from the
+ * buffer */
+ ALIGN_POINTER(pStubMsg->Buffer, 4);
 Buffer = pStubMsg->Buffer;
+ safe_buffer_increment(pStubMsg, 4);
+ }
PointerUnmarshall(pStubMsg, Buffer, ppMemory, *ppMemory, pFormat, fMustAlloc);
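Review bot: The new guard in the `RPC_FC_RP` branch is conditioned on `pStubMsg->IsClient`, but the comment above it only explains why the check lives in NdrPointerUnmarshall rather than in PointerUnmarshall; it does not say why the server side is exempt. Presumably a NULL `*ppMemory` is legitimate on the server because the unmarshaller allocates the storage there; if that is the reason, the comment should state it, e.g. `/* only checked on the client: on the server *ppMemory may still be NULL and is allocated during unmarshalling */`. Note also that `ppMemory` itself is dereferenced in the guard and again in the PointerUnmarshall call without a check, so the guard covers only a NULL referent, not a NULL `ppMemory`. The body of NdrPointerUnmarshall starts and ends outside this hunk.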