archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/wmi/wbem/winmgmt/mofcomp_dll/bmofchck.cpp

405 lines
11 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (C) 1997-2001 Microsoft Corporation
  5. Module Name:
  7. BMOFCHCK.CPP
  9. Abstract:
  11. Has test to determine if a binary mof is valid. Note that the file has
  12. not been tested and is not currently a part of mofcomp. This exists as a
  13. backup in case the current fixes are not bullet proof.
  15. History:
  17. davj 27-Nov-00 Created.
  20. --*/
  22. #include "precomp.h"
  23. #include <wbemutil.h>
  24. #include <genutils.h>
  25. #include "trace.h"
  26. #include "bmof.h"
  28. BYTE * CheckObject(BYTE * pObj, BYTE * pToFar, DWORD dwSizeOfObj);
  29. DWORD CheckString(BYTE * pStr,BYTE * pToFar);
  30. void CheckClassOrInst(WBEM_Object * pObject, BYTE * pToFar);
  31. enum EFailureType
  32. {
  33. UNALIGNED_PTR = 0,
  34. BAD_OBJECT,
  35. BAD_SIZE,
  36. BAD_STRING,
  37. BAD_ARRAY_DATA,
  38. BAD_SCALAR_DATA,
  39. BAD_FLAVOR_TABLE
  40. };
  42. class CGenException
  43. {
  44. private:
  45. EFailureType m_eType;
  47. public:
  49. CGenException( EFailureType eType ){ m_eType =eType ;}
  50. EFailureType GetErrorCode() { return m_eType; }
  51. };
  54. #ifdef _WIN64
  55. #define RETURN_IF_UNALIGN64() return FALSE;
  56. #else
  57. #define RETURN_IF_UNALIGN64()
  58. #endif
  60. void CheckAlignment(DWORD dwToCheck)
  61. {
  62. if(dwToCheck & 3)
  63. {
  64. ERRORTRACE((LOG_MOFCOMP,"CheckAlignment\n"));
  65. #ifdef _WIN64
  66. throw CGenException( UNALIGNED_PTR );
  67. #endif
  68. }
  69. }
  71. DWORD CheckSimpleValue(BYTE *pData, BYTE *pToFar, DWORD dwType, BOOL bQualifier)
  72. {
  73. DWORD dwTypeSize = iTypeSize(dwType);
  74. if(dwTypeSize == 0)
  75. throw CGenException( BAD_SCALAR_DATA );
  77. if(dwType == VT_DISPATCH)
  78. {
  79. WBEM_Object * pObject;
  80. pObject = (WBEM_Object *)pData;
  81. CheckClassOrInst(pObject, pToFar);
  82. return pObject->dwLength;
  83. }
  84. else if(dwType == VT_BSTR)
  85. {
  86. DWORD dwNumChar = CheckString(pData ,pToFar);
  87. return (dwNumChar+1) * sizeof(WCHAR);
  88. }
  89. if(pData + dwTypeSize >= pToFar)
  90. throw CGenException( BAD_SCALAR_DATA );
  91. return dwTypeSize;
  92. }
  94. void CheckValue(BYTE * pData, BYTE * pToFar, DWORD dwType, BOOL bQualifier)
  95. {
  96. DWORD * pArrayInfo, dwNumObj, dwCnt;
  97. if(pData >= pToFar)
  98. throw CGenException( BAD_OBJECT );
  99. CheckAlignment((DWORD)pData);
  100. if(dwType & VT_ARRAY)
  101. {
  102. CheckObject(pData, pToFar, 4*sizeof(DWORD));
  103. DWORD dwSimpleType = dwType & ~VT_ARRAY & ~VT_BYREF;
  104. pArrayInfo = (DWORD *)pData;
  105. // check the number of rows. Currently only 1 is supported
  107. pArrayInfo++;
  108. if(*pArrayInfo != 1)
  109. {
  110. throw CGenException( BAD_ARRAY_DATA );
  111. }
  113. // Get the number of objects
  115. pArrayInfo++;
  116. dwNumObj = *pArrayInfo;
  118. // Start into the row. It starts off with the total size
  120. pArrayInfo++;
  121. CheckAlignment(*pArrayInfo);
  123. // Test each object
  125. pArrayInfo++; // now points to first object
  127. BYTE * pSingleData = (BYTE *)pArrayInfo;
  128. for(dwCnt = 0; dwCnt < dwNumObj; dwCnt++)
  129. {
  130. DWORD dwSize = CheckSimpleValue(pSingleData, pToFar, dwSimpleType, bQualifier);
  131. pSingleData += dwSize;
  132. }
  133. }
  134. else
  135. CheckSimpleValue(pData, pToFar, dwType, bQualifier);
  136. }
  138. BYTE * CheckObject(BYTE * pObj, BYTE * pToFar, DWORD dwSizeOfObj)
  139. {
  140. if(pObj + dwSizeOfObj >= pToFar)
  141. throw CGenException( BAD_OBJECT );
  142. CheckAlignment((DWORD)pObj);
  144. // these always start off with the size, make sure that is OK
  146. DWORD * pdw = (DWORD *)pObj;
  148. if(*pdw + pObj >= pToFar)
  149. throw CGenException( BAD_SIZE );
  150. return *pdw + pObj + 1;
  151. }
  152. DWORD CheckString(BYTE * pStr,BYTE * pToFar)
  153. {
  154. DWORD dwNumChar = 0;
  155. if(pStr >= pToFar)
  156. throw CGenException( BAD_STRING );
  157. CheckAlignment((DWORD)pStr);
  158. WCHAR * pwc;
  159. for(pwc = (WCHAR *)pStr; *pwc && pwc < (WCHAR*)pToFar; pwc++, dwNumChar++); // intentional semi
  160. if(pwc >= (WCHAR *)pToFar)
  161. throw CGenException( BAD_STRING );
  162. return dwNumChar;
  163. }
  165. void CheckQualifier(WBEM_Qualifier *pQual, BYTE * pToFar)
  166. {
  167. BYTE * pByteInfo = (BYTE *)pQual;
  168. pByteInfo += sizeof(WBEM_Qualifier);
  169. pToFar = CheckObject((BYTE *)pQual, pToFar, sizeof(WBEM_Qualifier));
  170. CheckString(pByteInfo + pQual->dwOffsetName, pToFar);
  171. CheckValue(pByteInfo + pQual->dwOffsetValue, pToFar, pQual->dwType, TRUE);
  172. return;
  173. }
  175. void CheckQualList(WBEM_QualifierList *pQualList, BYTE * pToFar)
  176. {
  177. DWORD dwNumQual, dwCnt;
  178. WBEM_Qualifier *pQual;
  180. pToFar = CheckObject((BYTE *)pQualList, pToFar, sizeof(WBEM_QualifierList));
  182. dwNumQual = pQualList->dwNumQualifiers;
  183. if(dwNumQual == 0)
  184. return;
  185. pQual = (WBEM_Qualifier *)((PBYTE)pQualList + sizeof(WBEM_QualifierList));
  187. for(dwCnt = 0; dwCnt < dwNumQual; dwCnt++)
  188. {
  189. CheckQualifier(pQual, pToFar);
  190. pQual = (WBEM_Qualifier *)((BYTE *)pQual + pQual->dwLength);
  191. }
  192. return;
  193. }
  195. void CheckProperty(WBEM_Property *pProperty, BOOL bProperty, BYTE * pToFar)
  196. {
  197. WBEM_QualifierList *pQualList;
  198. BYTE * pValue;
  199. pToFar = CheckObject((BYTE *)pProperty, pToFar, sizeof(WBEM_Property));
  200. if(pProperty->dwOffsetName != 0xffffffff)
  201. {
  202. BYTE * pStr = ((BYTE *)pProperty +
  203. sizeof(WBEM_Property) +
  204. pProperty->dwOffsetName);
  205. CheckString(pStr, pToFar);
  206. }
  208. if(pProperty->dwOffsetQualifierSet != 0xffffffff)
  209. {
  210. pQualList = (WBEM_QualifierList *)((BYTE *)pProperty +
  211. sizeof(WBEM_Property) +
  212. pProperty->dwOffsetQualifierSet);
  213. CheckQualList(pQualList, pToFar);
  214. }
  216. if(pProperty->dwOffsetValue != 0xffffffff)
  217. {
  218. CheckAlignment(pProperty->dwOffsetValue & 3);
  219. pValue = ((BYTE *)pProperty +
  220. sizeof(WBEM_Property) +
  221. pProperty->dwOffsetValue);
  223. CheckValue(pValue, pToFar, pProperty->dwType, FALSE);
  224. }
  225. return;
  226. }
  228. void CheckPropList(WBEM_PropertyList *pPropList, BOOL bProperty, BYTE * pToFar)
  229. {
  230. DWORD dwNumProp, dwCnt;
  231. WBEM_Property *pProperty;
  233. pToFar = CheckObject((BYTE *)pPropList, pToFar, sizeof(WBEM_PropertyList));
  235. dwNumProp = pPropList->dwNumberOfProperties;
  236. if(dwNumProp == 0)
  237. return;
  238. pProperty = (WBEM_Property *)((PBYTE)pPropList + sizeof(WBEM_PropertyList));
  240. for(dwCnt = 0; dwCnt < dwNumProp; dwCnt++)
  241. {
  242. CheckProperty(pProperty, bProperty, pToFar);
  243. pProperty = (WBEM_Property *)((BYTE *)pProperty + pProperty->dwLength);
  244. }
  245. return;
  246. }
  248. void CheckClassOrInst(WBEM_Object * pObject, BYTE * pToFar)
  249. {
  250. WBEM_QualifierList *pQualList;
  251. WBEM_PropertyList * pPropList;
  252. WBEM_PropertyList * pMethodList;
  254. pToFar = CheckObject((BYTE *)pObject, pToFar, sizeof(WBEM_Object));
  255. if(pObject->dwType != 0 && pObject->dwType != 1)
  256. throw CGenException( BAD_OBJECT );
  258. // Check the qualifier list
  260. if(pObject->dwOffsetQualifierList != 0xffffffff)
  261. {
  262. pQualList = (WBEM_QualifierList *)((BYTE *)pObject +
  263. sizeof(WBEM_Object) +
  264. pObject->dwOffsetQualifierList);
  265. CheckQualList(pQualList, pToFar);
  266. }
  268. // check the property list
  270. if(pObject->dwOffsetPropertyList != 0xffffffff)
  271. {
  272. pPropList = (WBEM_PropertyList *)((BYTE *)pObject +
  273. sizeof(WBEM_Object) +
  274. pObject->dwOffsetPropertyList);
  275. CheckPropList(pPropList, TRUE, pToFar);
  276. }
  278. // check the method list
  280. if(pObject->dwOffsetMethodList != 0xffffffff)
  281. {
  283. pMethodList = (WBEM_PropertyList *)((BYTE *)pObject +
  284. sizeof(WBEM_Object) +
  285. pObject->dwOffsetMethodList);
  286. CheckPropList(pMethodList, FALSE, pToFar);
  287. }
  288. return;
  289. }
  291. void CheckBMOFQualFlavor(BYTE * pBinaryMof, BYTE * pToFar)
  292. {
  293. UNALIGNED DWORD * pdwTemp;
  294. BYTE * pFlavorBlob;
  295. DWORD dwNumPairs;
  296. UNALIGNED DWORD * pOffset;
  297. DWORD dwMyOffset;
  298. DWORD dwCnt;
  299. DWORD dwOrigBlobSize = 0;
  301. // Calculate the pointer of the start of the flavor data
  303. pdwTemp = (DWORD * )pBinaryMof;
  304. pdwTemp++; // point to the original blob size
  305. dwOrigBlobSize = *pdwTemp;
  306. pFlavorBlob = pBinaryMof + dwOrigBlobSize;
  308. // Dont even try past the end of memory
  310. if(pFlavorBlob + 20 >= pToFar)
  311. return;
  313. // Check if the flavor blob is valid, it should start off with the
  314. // characters "BMOFQUALFLAVOR11"
  316. if(memcmp(pFlavorBlob, "BMOFQUALFLAVOR11", 16))
  317. return; // Not really a problem since it may be old file
  319. // The flavor part of the file has the format
  320. // DWORD dwNumPair, followed by pairs of dwords;
  321. // offset, flavor
  323. // Determine the number of pairs
  325. pFlavorBlob+= 16; // skip past signature
  326. pdwTemp = (DWORD *)pFlavorBlob;
  327. dwNumPairs = *pdwTemp; // Number of offset/value pairs
  328. if(dwNumPairs < 1)
  329. return;
  331. // Given the number of pairs, make sure there is enough memory
  333. if((pFlavorBlob + sizeof(DWORD) + (dwNumPairs * 2 * sizeof(DWORD)))>= pToFar)
  334. throw CGenException( BAD_FLAVOR_TABLE );
  336. // point to the first offset/flavor pair
  338. pOffset = pdwTemp+1;
  340. // go through the offset/flavor list. Ignore the flavors, but make sure the
  341. // offsets are valid
  343. for(dwCnt = 0; dwCnt < dwNumPairs; dwCnt++)
  344. {
  345. if(*pOffset >= dwOrigBlobSize)
  346. throw CGenException( BAD_FLAVOR_TABLE );
  347. pOffset += 2;
  348. }
  351. }
  353. //***************************************************************************
  354. //
  355. // IsValidBMOF.
  356. //
  357. // DESCRIPTION:
  358. //
  359. // Checks to make sure that a binary mof is properly aligned on
  360. // 4 byte boundaries. Note that this is not really necessary for
  361. // 32 bit windows.
  362. //
  363. // PARAMETERS:
  364. //
  365. // pBuffer Pointer to uncompressed binary mof data.
  366. //
  367. // RETURN:
  368. //
  369. // TRUE if all is well.
  370. //
  371. //***************************************************************************
  373. BOOL IsValidBMOF(BYTE * pData, BYTE * pToFar)
  374. {
  375. WBEM_Binary_MOF * pBinaryMof;
  376. DWORD dwNumObj, dwCnt;
  377. WBEM_Object * pObject;
  378. if(pData == NULL || pToFar == NULL || pData >= pToFar)
  379. return FALSE;
  380. try
  381. {
  383. pBinaryMof = (WBEM_Binary_MOF *)pData;
  384. CheckObject(pData, pToFar, sizeof(WBEM_Binary_MOF));
  385. if(pBinaryMof->dwSignature != BMOF_SIG)
  386. return FALSE;
  387. dwNumObj = pBinaryMof->dwNumberOfObjects;
  388. if(dwNumObj == 0)
  389. return TRUE;
  390. pObject = (WBEM_Object *)(pData + sizeof(WBEM_Binary_MOF));
  391. for(dwCnt = 0; dwCnt < dwNumObj; dwCnt++)
  392. {
  393. CheckClassOrInst(pObject, pToFar);
  394. pObject = (WBEM_Object *)((PBYTE *)pObject + pObject->dwLength);
  395. }
  396. CheckBMOFQualFlavor(pData, pToFar);
  397. }
  398. catch(CGenException)
  399. {
  400. ERRORTRACE((LOG_MOFCOMP,"BINARY MOF had exception\n"));
  401. return FALSE;
  402. }
  404. return TRUE;
  405. }