rpcrt4: Fix argument check in MesEncodeFixedBufferHandleCreate().

37dd4415 · Nikolay Sivov · Alexandre Julliard · 0810db96 · 37dd4415 · 37dd4415
Commit 37dd4415 authored Mar 03, 2015 by Nikolay Sivov Committed by Alexandre Julliard Mar 03, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 50 additions and 1 deletion

ndr_es.c dlls/rpcrt4/ndr_es.c +12 -0

ndr_marshall.c dlls/rpcrt4/tests/ndr_marshall.c +38 -1

No files found.
--- a/dlls/rpcrt4/ndr_es.c
+++ b/dlls/rpcrt4/ndr_es.c
@@ -42,6 +42,7 @@ static inline void init_MIDL_ES_MESSAGE(MIDL_ES_MESSAGE *pEsMsg)
    /* even if we are unmarshalling, as we don't want pointers to be pointed
     * to buffer memory */
    pEsMsg->StubMsg.IsClient = TRUE;
+    pEsMsg->MesVersion = 1;
 }
 /***********************************************************************
@@ -142,6 +143,17 @@ RPC_STATUS RPC_ENTRY MesEncodeFixedBufferHandleCreate(
    TRACE("(%p, %d, %p, %p)\n", Buffer, BufferSize, pEncodedSize, pHandle);
+    if (!Buffer)
+        return RPC_S_INVALID_ARG;
+    if (((ULONG_PTR)Buffer % 8) != 0)
+        return RPC_X_INVALID_BUFFER;
+    if (!pEncodedSize)
+        return RPC_S_INVALID_ARG;
+    /* FIXME: check BufferSize too */
    pEsMsg = HeapAlloc(GetProcessHeap(), 0, sizeof(*pEsMsg));
    if (!pEsMsg)
        return RPC_S_OUT_OF_MEMORY;

--- a/dlls/rpcrt4/tests/ndr_marshall.c
+++ b/dlls/rpcrt4/tests/ndr_marshall.c
@@ -34,7 +34,7 @@
 #include "rpc.h"
 #include "rpcdce.h"
 #include "rpcproxy.h"
+#include "midles.h"
 static int my_alloc_called;
 static int my_free_called;
@@ -2405,6 +2405,42 @@ static void test_NdrGetUserMarshalInfo(void)
        "NdrGetUserMarshalInfo should have failed with RPC_S_INVALID_ARG instead of %d\n", status);
 }
+static void test_MesEncodeFixedBufferHandleCreate(void)
+{
+    ULONG encoded_size;
+    RPC_STATUS status;
+    handle_t handle;
+    char *buffer;
+    status = MesEncodeFixedBufferHandleCreate(NULL, 0, NULL, NULL);
+    ok(status == RPC_S_INVALID_ARG, "got %d\n", status);
+    status = MesEncodeFixedBufferHandleCreate(NULL, 0, NULL, &handle);
+    ok(status == RPC_S_INVALID_ARG, "got %d\n", status);
+    status = MesEncodeFixedBufferHandleCreate((char*)0xdeadbeef, 0, NULL, &handle);
+    ok(status == RPC_X_INVALID_BUFFER, "got %d\n", status);
+    buffer = (void*)((0xdeadbeef + 7) & ~7);
+    status = MesEncodeFixedBufferHandleCreate(buffer, 0, NULL, &handle);
+    ok(status == RPC_S_INVALID_ARG, "got %d\n", status);
+    status = MesEncodeFixedBufferHandleCreate(buffer, 0, &encoded_size, &handle);
+todo_wine
+    ok(status == RPC_S_INVALID_ARG, "got %d\n", status);
+if (status == RPC_S_OK)
+    MesHandleFree(handle);
+    status = MesEncodeFixedBufferHandleCreate(buffer, 32, NULL, &handle);
+    ok(status == RPC_S_INVALID_ARG, "got %d\n", status);
+    status = MesEncodeFixedBufferHandleCreate(buffer, 32, &encoded_size, &handle);
+    ok(status == RPC_S_OK, "got %d\n", status);
+    status = MesHandleFree(handle);
+    ok(status == RPC_S_OK, "got %d\n", status);
+}
 START_TEST( ndr_marshall )
 {
    determine_pointer_marshalling_style();
@@ -2425,4 +2461,5 @@ START_TEST( ndr_marshall )
    test_ndr_buffer();
    test_NdrMapCommAndFaultStatus();
    test_NdrGetUserMarshalInfo();
+    test_MesEncodeFixedBufferHandleCreate();
 }