mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
842 lines
23 KiB
842 lines
23 KiB
/*+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
Copyright (c) 1993 Microsoft Corporation
|
|
|
|
Module Name :
|
|
|
|
misc.c
|
|
|
|
Abstract :
|
|
|
|
Contains miscelaneous helper routines.
|
|
|
|
Author :
|
|
|
|
David Kays dkays December 1993.
|
|
|
|
Revision History :
|
|
|
|
---------------------------------------------------------------------*/
|
|
|
|
#include "ndrp.h"
|
|
#include "attack.h"
|
|
|
|
uchar *
|
|
NdrpMemoryIncrement(
|
|
PMIDL_STUB_MESSAGE pStubMsg,
|
|
uchar * pMemory,
|
|
PFORMAT_STRING pFormat
|
|
)
|
|
/*++
|
|
|
|
Routine Description :
|
|
|
|
Returns a memory pointer incremeted past a complex data type. This routine
|
|
is also overloaded to compute the size of a complex data type by passing
|
|
a 0 memory pointer.
|
|
|
|
Arguments :
|
|
|
|
pStubMsg - Pointer to the stub message.
|
|
pMemory - Pointer to the complex type, or 0 if a size is being computed.
|
|
pFormat - Format string description.
|
|
|
|
Return :
|
|
|
|
A memory pointer incremented past the complex type. If a 0 memory pointer
|
|
was passed in then the returned value is the size of the complex type.
|
|
|
|
--*/
|
|
{
|
|
long Elements;
|
|
long ElementSize;
|
|
|
|
switch ( *pFormat )
|
|
{
|
|
//
|
|
// Structs
|
|
//
|
|
case FC_STRUCT :
|
|
case FC_PSTRUCT :
|
|
case FC_HARD_STRUCT :
|
|
pMemory += *((ushort *)(pFormat + 2));
|
|
break;
|
|
|
|
case FC_CSTRUCT :
|
|
case FC_CVSTRUCT :
|
|
case FC_CPSTRUCT :
|
|
pMemory += *((ushort *)(pFormat + 2));
|
|
|
|
// Get conformant array or string description.
|
|
pFormat += 4;
|
|
pFormat += *((signed short *)pFormat);
|
|
|
|
// This flag is set by the endianess pass only.
|
|
if ( ! IS_TOPMOST_CONF_STRUCT( pStubMsg->uFlags ) )
|
|
{
|
|
// When embedding in a bogus struct, array is accounted
|
|
// at the conf struct level, due to pointer layout.
|
|
// Get the memory pointer past the conformant array.
|
|
pMemory = NdrpMemoryIncrement( pStubMsg,
|
|
pMemory,
|
|
pFormat );
|
|
}
|
|
break;
|
|
|
|
case FC_BOGUS_STRUCT :
|
|
pMemory += *((ushort *)(pFormat + 2));
|
|
|
|
pFormat += 4;
|
|
|
|
// Check for a conformant array or string in the struct.
|
|
if ( *((signed short *)pFormat) )
|
|
{
|
|
pFormat += *((signed short *)pFormat);
|
|
|
|
if ( !IS_EMBED_CONF_STRUCT( pStubMsg->uFlags ) &&
|
|
! IS_CONF_ARRAY_DONE( pStubMsg->uFlags ) )
|
|
{
|
|
// Get the memory pointer past the conformant array.
|
|
pMemory = NdrpMemoryIncrement( pStubMsg,
|
|
pMemory,
|
|
pFormat );
|
|
}
|
|
}
|
|
break;
|
|
|
|
//
|
|
// Unions
|
|
//
|
|
case FC_ENCAPSULATED_UNION :
|
|
pMemory += HIGH_NIBBLE(pFormat[1]);
|
|
pMemory += *((ushort *)(pFormat + 2));
|
|
break;
|
|
|
|
case FC_NON_ENCAPSULATED_UNION :
|
|
// Go to the size/arm description.
|
|
pFormat += 6;
|
|
CORRELATION_DESC_INCREMENT( pFormat );
|
|
pFormat += *((signed short *)pFormat);
|
|
|
|
pMemory += *((ushort *)pFormat);
|
|
break;
|
|
|
|
//
|
|
// Arrays
|
|
//
|
|
case FC_SMFARRAY :
|
|
case FC_SMVARRAY :
|
|
pMemory += *((ushort *)(pFormat + 2));
|
|
break;
|
|
|
|
case FC_LGFARRAY :
|
|
case FC_LGVARRAY :
|
|
pMemory += *((ulong UNALIGNED *)(pFormat + 2));
|
|
break;
|
|
|
|
case FC_CARRAY:
|
|
case FC_CVARRAY:
|
|
{
|
|
ULONG_PTR ConfSize = NdrpComputeConformance( pStubMsg,
|
|
pMemory,
|
|
pFormat);
|
|
// check for possible mulitplication overflow attack here.
|
|
pMemory += MultiplyWithOverflowCheck( ConfSize, *((ushort *)(pFormat + 2)) );
|
|
}
|
|
break;
|
|
|
|
case FC_BOGUS_ARRAY :
|
|
{
|
|
PARRAY_INFO pArrayInfo = pStubMsg->pArrayInfo;
|
|
|
|
if ( *((long UNALIGNED *)(pFormat + 4)) == 0xffffffff )
|
|
Elements = *((ushort *)(pFormat + 2));
|
|
else
|
|
{
|
|
if ( pArrayInfo &&
|
|
pArrayInfo->MaxCountArray &&
|
|
(pArrayInfo->MaxCountArray ==
|
|
pArrayInfo->BufferConformanceMark) )
|
|
{
|
|
Elements = pArrayInfo->MaxCountArray[pArrayInfo->Dimension];
|
|
}
|
|
else
|
|
{
|
|
Elements = (ulong) NdrpComputeConformance( pStubMsg,
|
|
pMemory,
|
|
pFormat );
|
|
}
|
|
}
|
|
|
|
// Go to the array element's description.
|
|
pFormat += 12;
|
|
CORRELATION_DESC_INCREMENT( pFormat );
|
|
CORRELATION_DESC_INCREMENT( pFormat );
|
|
|
|
//
|
|
// Get the size of one element.
|
|
//
|
|
switch ( *pFormat )
|
|
{
|
|
case FC_ENUM16 :
|
|
ElementSize = sizeof(int);
|
|
break;
|
|
|
|
case FC_RP :
|
|
case FC_UP :
|
|
case FC_FP :
|
|
case FC_OP :
|
|
ElementSize = PTR_MEM_SIZE;
|
|
break;
|
|
|
|
case FC_EMBEDDED_COMPLEX :
|
|
//
|
|
// It's some complicated thingy.
|
|
//
|
|
pFormat += 2;
|
|
pFormat += *((signed short *)pFormat);
|
|
|
|
if ( (*pFormat == FC_TRANSMIT_AS) ||
|
|
(*pFormat == FC_REPRESENT_AS) ||
|
|
(*pFormat == FC_USER_MARSHAL) )
|
|
{
|
|
//
|
|
// Get the presented type size.
|
|
//
|
|
ElementSize = *((ushort *)(pFormat + 4));
|
|
}
|
|
else
|
|
{
|
|
if ( pArrayInfo )
|
|
pArrayInfo->Dimension++;
|
|
|
|
ElementSize = (long)
|
|
( NdrpMemoryIncrement( pStubMsg,
|
|
pMemory,
|
|
pFormat ) - pMemory );
|
|
|
|
if ( pArrayInfo )
|
|
pArrayInfo->Dimension--;
|
|
}
|
|
break;
|
|
|
|
case FC_RANGE:
|
|
ElementSize = SIMPLE_TYPE_MEMSIZE( (pFormat[1] & 0x0f) );
|
|
break;
|
|
|
|
default :
|
|
if ( IS_SIMPLE_TYPE(*pFormat) )
|
|
{
|
|
ElementSize = SIMPLE_TYPE_MEMSIZE(*pFormat);
|
|
break;
|
|
}
|
|
|
|
NDR_ASSERT(0,"NdrpMemoryIncrement : bad format char");
|
|
RpcRaiseException( RPC_S_INTERNAL_ERROR );
|
|
return 0;
|
|
}
|
|
|
|
// check for possible mulitplication overflow attack here.
|
|
pMemory += MultiplyWithOverflowCheck( Elements, ElementSize );
|
|
}
|
|
|
|
break;
|
|
|
|
//
|
|
// String arrays (a.k.a. non-conformant strings).
|
|
//
|
|
case FC_CSTRING :
|
|
case FC_BSTRING :
|
|
case FC_WSTRING :
|
|
{
|
|
ULONG ElementSize = (*pFormat == FC_WSTRING) ? sizeof(wchar_t) : sizeof(char) ;
|
|
ULONG Elements = *((ushort *)(pFormat + 2)) ;
|
|
// check for possible mulitplication overflow attack here.
|
|
pMemory += MultiplyWithOverflowCheck( Elements, ElementSize );
|
|
}
|
|
break;
|
|
|
|
case FC_SSTRING :
|
|
// check for possible mulitplication overflow attack here.
|
|
pMemory += MultiplyWithOverflowCheck( pFormat[1], *((ushort *)(pFormat + 2) ) );
|
|
break;
|
|
|
|
//
|
|
// Sized conformant strings.
|
|
//
|
|
case FC_C_CSTRING:
|
|
case FC_C_BSTRING:
|
|
case FC_C_WSTRING:
|
|
{
|
|
PARRAY_INFO pArrayInfo = pStubMsg->pArrayInfo;
|
|
ULONG ElementSize = (*pFormat == FC_C_WSTRING) ?
|
|
sizeof(wchar_t) :
|
|
sizeof(char);
|
|
|
|
NDR_ASSERT(pFormat[1] == FC_STRING_SIZED,
|
|
"NdrpMemoryIncrement : called for non-sized string");
|
|
|
|
if ( pArrayInfo &&
|
|
pArrayInfo->MaxCountArray &&
|
|
(pArrayInfo->MaxCountArray ==
|
|
pArrayInfo->BufferConformanceMark) )
|
|
{
|
|
Elements = pArrayInfo->MaxCountArray[pArrayInfo->Dimension];
|
|
}
|
|
else
|
|
{
|
|
Elements = (ulong) NdrpComputeConformance( pStubMsg,
|
|
pMemory,
|
|
pFormat );
|
|
}
|
|
|
|
// check for possible mulitplication overflow attack here.
|
|
pMemory += MultiplyWithOverflowCheck( Elements, ElementSize );
|
|
}
|
|
break;
|
|
|
|
case FC_C_SSTRING:
|
|
{
|
|
PARRAY_INFO pArrayInfo = pStubMsg->pArrayInfo;
|
|
|
|
if ( pArrayInfo &&
|
|
pArrayInfo->MaxCountArray &&
|
|
(pArrayInfo->MaxCountArray ==
|
|
pArrayInfo->BufferConformanceMark) )
|
|
{
|
|
Elements = pArrayInfo->MaxCountArray[pArrayInfo->Dimension];
|
|
}
|
|
else
|
|
{
|
|
Elements = (ulong) NdrpComputeConformance( pStubMsg,
|
|
pMemory,
|
|
pFormat );
|
|
}
|
|
|
|
// check for possible mulitplication overflow attack here.
|
|
pMemory += MultiplyWithOverflowCheck( Elements, pFormat[1] );
|
|
}
|
|
break;
|
|
|
|
//
|
|
// Transmit as, represent as, user marshal
|
|
//
|
|
case FC_TRANSMIT_AS :
|
|
case FC_REPRESENT_AS :
|
|
case FC_USER_MARSHAL :
|
|
// Get the presented type size.
|
|
pMemory += *((ushort *)(pFormat + 4));
|
|
break;
|
|
|
|
case FC_BYTE_COUNT_POINTER:
|
|
//
|
|
// Should only hit this case when called from NdrSrvOutInit().
|
|
// In this case it's the total byte count allocation size we're
|
|
// looking for.
|
|
//
|
|
// We are taking the larger of conformant size and the real data
|
|
// type size, otherwise, we might give user a partially invalid
|
|
// buffer, and that'll come back to bite us during sizing/marshalling
|
|
{
|
|
uchar * pMemory1 = pMemory;
|
|
uchar * pMemory2 = pMemory;
|
|
PFORMAT_STRING pFormat2 = pFormat;
|
|
|
|
if ( pFormat[1] != FC_PAD )
|
|
{
|
|
pMemory2 += SIMPLE_TYPE_MEMSIZE( pFormat[1] );
|
|
}
|
|
else
|
|
{
|
|
|
|
// go pass the conformance & get to the real type
|
|
pFormat2 += 6;
|
|
CORRELATION_DESC_INCREMENT( pFormat2 );
|
|
pFormat2 += *((signed short *)pFormat2);
|
|
|
|
pMemory2 = NdrpMemoryIncrement( pStubMsg,
|
|
pMemory2,
|
|
pFormat2 );
|
|
|
|
}
|
|
|
|
pMemory1 += NdrpComputeConformance( pStubMsg,
|
|
pMemory1,
|
|
pFormat );
|
|
|
|
pMemory = ( pMemory1 > pMemory2 )? pMemory1 : pMemory2;
|
|
break;
|
|
}
|
|
|
|
case FC_IP :
|
|
pMemory += PTR_MEM_SIZE;
|
|
break;
|
|
|
|
case FC_RANGE:
|
|
pMemory += SIMPLE_TYPE_MEMSIZE( (pFormat[1] & 0x0f) );
|
|
break;
|
|
|
|
#ifdef _CS_CHAR_
|
|
case FC_CSARRAY:
|
|
{
|
|
uchar * OldBuffer = pStubMsg->Buffer;
|
|
ulong OldSize = pStubMsg->MemorySize;
|
|
|
|
pStubMsg->MemorySize = 0;
|
|
|
|
pMemory += NdrCsArrayMemorySize( pStubMsg, pFormat );
|
|
|
|
pStubMsg->MemorySize = OldSize;
|
|
pStubMsg->Buffer = OldBuffer;
|
|
|
|
break;
|
|
}
|
|
|
|
case FC_CS_TAG:
|
|
pMemory += sizeof( ulong );
|
|
break;
|
|
#endif _CS_CHAR_
|
|
|
|
default :
|
|
NDR_ASSERT(0,"NdrpMemoryIncrement : bad format char");
|
|
RpcRaiseException( RPC_S_INTERNAL_ERROR );
|
|
return 0;
|
|
}
|
|
|
|
return pMemory;
|
|
}
|
|
|
|
long
|
|
NdrpArrayDimensions(
|
|
PMIDL_STUB_MESSAGE pStubMsg,
|
|
PFORMAT_STRING pFormat,
|
|
BOOL fIgnoreStringArrays
|
|
)
|
|
/*++
|
|
|
|
Routine description :
|
|
|
|
This routine determines the number of dimensions in a complex array, which
|
|
is the only array type which is allowed to have multiple dimensions other
|
|
than an array of multiple fixed dimensions.
|
|
|
|
Arguments :
|
|
|
|
pFormat - Complex array's format string description.
|
|
fIgnoreStringArrays - TRUE if a string array should not be counted as
|
|
a dimension, FALSE if it should.
|
|
|
|
Return :
|
|
|
|
The number of dimensions in the array.
|
|
|
|
--*/
|
|
{
|
|
long Dimensions;
|
|
|
|
//
|
|
// Only a complex array can have multiple dimensions.
|
|
//
|
|
if ( *pFormat != FC_BOGUS_ARRAY )
|
|
return 1;
|
|
|
|
Dimensions = 1;
|
|
|
|
pFormat += 12;
|
|
CORRELATION_DESC_INCREMENT( pFormat );
|
|
CORRELATION_DESC_INCREMENT( pFormat );
|
|
|
|
for ( ; *pFormat == FC_EMBEDDED_COMPLEX; )
|
|
{
|
|
pFormat += 2;
|
|
pFormat += *((signed short *)pFormat);
|
|
|
|
//
|
|
// Search for a fixed, complex, or string array.
|
|
//
|
|
switch ( *pFormat )
|
|
{
|
|
case FC_SMFARRAY :
|
|
pFormat += 4;
|
|
break;
|
|
|
|
case FC_LGFARRAY :
|
|
pFormat += 6;
|
|
break;
|
|
|
|
case FC_BOGUS_ARRAY :
|
|
pFormat += 12;
|
|
CORRELATION_DESC_INCREMENT( pFormat );
|
|
CORRELATION_DESC_INCREMENT( pFormat );
|
|
break;
|
|
|
|
case FC_CSTRING :
|
|
case FC_BSTRING :
|
|
case FC_WSTRING :
|
|
case FC_SSTRING :
|
|
case FC_C_CSTRING :
|
|
case FC_C_BSTRING :
|
|
case FC_C_WSTRING :
|
|
case FC_C_SSTRING :
|
|
//
|
|
// Can't have any more dimensions after a string array.
|
|
//
|
|
return fIgnoreStringArrays ? Dimensions : Dimensions + 1;
|
|
|
|
default :
|
|
return Dimensions;
|
|
}
|
|
|
|
Dimensions++;
|
|
}
|
|
|
|
//
|
|
// Get here if you have only one dimension.
|
|
//
|
|
return Dimensions;
|
|
}
|
|
|
|
long
|
|
NdrpArrayElements(
|
|
PMIDL_STUB_MESSAGE pStubMsg,
|
|
uchar * pMemory,
|
|
PFORMAT_STRING pFormat
|
|
)
|
|
/*++
|
|
|
|
Routine description :
|
|
|
|
This routine determines the number of elements (allocation size) in an
|
|
array. Used to handle multidimensional arrays.
|
|
|
|
Arguments :
|
|
|
|
pStubMsg - The stub message.
|
|
pMemory - The array.
|
|
pFormat - Array's format string description.
|
|
|
|
Return :
|
|
|
|
The number of elements in the array.
|
|
|
|
--*/
|
|
{
|
|
long TotalSize;
|
|
long ElementSize;
|
|
|
|
switch ( *pFormat )
|
|
{
|
|
case FC_SMFARRAY :
|
|
TotalSize = (long) *((ushort *)(pFormat + 2));
|
|
pFormat += 4;
|
|
break;
|
|
|
|
case FC_LGFARRAY :
|
|
TotalSize = *((long UNALIGNED *)(pFormat + 2));
|
|
pFormat += 6;
|
|
break;
|
|
|
|
case FC_SMVARRAY :
|
|
return (long) *((ushort *)(pFormat + 4));
|
|
|
|
case FC_LGVARRAY :
|
|
return *((long UNALIGNED *)(pFormat + 6));
|
|
|
|
case FC_BOGUS_ARRAY :
|
|
if ( *((long *)(pFormat + 4)) == 0xffffffff )
|
|
return (long) *((ushort *)(pFormat + 2));
|
|
|
|
// else fall through
|
|
|
|
case FC_CARRAY :
|
|
case FC_CVARRAY :
|
|
return (ulong) NdrpComputeConformance( pStubMsg,
|
|
pMemory,
|
|
pFormat );
|
|
|
|
default :
|
|
NDR_ASSERT(0,"NdrpArrayElements : bad format char");
|
|
RpcRaiseException( RPC_S_INTERNAL_ERROR );
|
|
return 0;
|
|
}
|
|
|
|
//
|
|
// We get here for a non-complex fixed array.
|
|
//
|
|
// Since a fixed array's format string description does not
|
|
// contain the number of elements in the array, we have to compute
|
|
// it by computing the array's element size and dividing this into
|
|
// the total array size.
|
|
//
|
|
// A fixed array's child can only be a nice struct, another
|
|
// fixed array, a pointer, or a simple type.
|
|
//
|
|
|
|
//
|
|
// Skip pointer layout if one is present.
|
|
//
|
|
if ( *pFormat == FC_PP )
|
|
pFormat = NdrpSkipPointerLayout( pFormat );
|
|
|
|
switch ( *pFormat )
|
|
{
|
|
case FC_EMBEDDED_COMPLEX :
|
|
pFormat += 2;
|
|
pFormat += *((signed short *)pFormat);
|
|
|
|
//
|
|
// We must be at FC_STRUCT, FC_PSTRUCT, FC_SMFARRAY, or FC_LGFARRAY.
|
|
// All these have the total size as a short at 2 bytes past the
|
|
// beginning of the description except for large fixed array.
|
|
//
|
|
if ( *pFormat != FC_LGFARRAY )
|
|
ElementSize = (long) *((ushort *)(pFormat + 2));
|
|
else
|
|
ElementSize = *((long UNALIGNED *)(pFormat + 2));
|
|
|
|
break;
|
|
|
|
//
|
|
// Simple type (enum16 not possible).
|
|
//
|
|
default :
|
|
ElementSize = SIMPLE_TYPE_MEMSIZE( *pFormat );
|
|
break;
|
|
}
|
|
|
|
return TotalSize / ElementSize;
|
|
}
|
|
|
|
void
|
|
NdrpArrayVariance(
|
|
PMIDL_STUB_MESSAGE pStubMsg,
|
|
uchar * pMemory,
|
|
PFORMAT_STRING pFormat,
|
|
long * pOffset,
|
|
long * pLength
|
|
)
|
|
/*++
|
|
|
|
Routine description :
|
|
|
|
This routine determines the offset and length values for an array.
|
|
Used to handle multidimensional arrays.
|
|
|
|
Arguments :
|
|
|
|
pStubMsg - The stub message.
|
|
pMemory - The array.
|
|
pFormat - Array's format string description.
|
|
pOffset - Returned offset value.
|
|
pLength - Returned length value.
|
|
|
|
Return :
|
|
|
|
None.
|
|
|
|
--*/
|
|
{
|
|
switch ( *pFormat )
|
|
{
|
|
case FC_SMFARRAY :
|
|
case FC_LGFARRAY :
|
|
case FC_CARRAY :
|
|
*pOffset = 0;
|
|
*pLength = NdrpArrayElements( pStubMsg,
|
|
pMemory,
|
|
pFormat );
|
|
break;
|
|
|
|
case FC_BOGUS_ARRAY :
|
|
{
|
|
PFORMAT_STRING pFormatBAV = pFormat + 8;
|
|
|
|
CORRELATION_DESC_INCREMENT( pFormatBAV );
|
|
|
|
if ( *((long UNALIGNED *)(pFormatBAV + 8)) == 0xffffffff )
|
|
{
|
|
*pOffset = 0;
|
|
*pLength = NdrpArrayElements( pStubMsg,
|
|
pMemory,
|
|
pFormat );
|
|
return;
|
|
}
|
|
}
|
|
|
|
// else fall through
|
|
|
|
case FC_CVARRAY :
|
|
case FC_SMVARRAY :
|
|
case FC_LGVARRAY :
|
|
NdrpComputeVariance( pStubMsg,
|
|
pMemory,
|
|
pFormat );
|
|
|
|
*pOffset = (long) pStubMsg->Offset;
|
|
*pLength = (long) pStubMsg->ActualCount;
|
|
break;
|
|
|
|
default :
|
|
NDR_ASSERT(0,"NdrpArrayVariance : bad format char");
|
|
RpcRaiseException( RPC_S_INTERNAL_ERROR );
|
|
return;
|
|
}
|
|
}
|
|
|
|
PFORMAT_STRING
|
|
NdrpSkipPointerLayout(
|
|
PFORMAT_STRING pFormat
|
|
)
|
|
/*--
|
|
|
|
RoutineDescription :
|
|
|
|
Skips a pointer layout format string description.
|
|
|
|
Arguments :
|
|
|
|
pFormat - Format string pointer layout description. Must currently
|
|
point to the FC_PP beginning the pointer layout.
|
|
|
|
Return :
|
|
|
|
Format string pointer past the pointer layout.
|
|
|
|
--*/
|
|
{
|
|
long Pointers;
|
|
|
|
NDR_ASSERT( *pFormat == FC_PP,
|
|
"NdrpSkipPointerLayout : format string not at FC_PP" );
|
|
|
|
// Skip FC_PP and FC_PAD.
|
|
pFormat += 2;
|
|
|
|
for (;;)
|
|
{
|
|
switch ( *pFormat )
|
|
{
|
|
case FC_END :
|
|
return pFormat + 1;
|
|
|
|
case FC_NO_REPEAT :
|
|
pFormat += 10;
|
|
break;
|
|
|
|
case FC_FIXED_REPEAT :
|
|
pFormat += 2;
|
|
// fall through...
|
|
|
|
case FC_VARIABLE_REPEAT :
|
|
pFormat += 6;
|
|
|
|
Pointers = *((ushort * &)pFormat)++;
|
|
|
|
pFormat += Pointers * 8;
|
|
break;
|
|
|
|
default :
|
|
NDR_ASSERT( 0, "NdrpSkipPointerLayout : bad format char" );
|
|
RpcRaiseException( RPC_S_INTERNAL_ERROR );
|
|
return 0;
|
|
}
|
|
}
|
|
}
|
|
|
|
long
|
|
NdrpStringStructLen(
|
|
uchar * pMemory,
|
|
long ElementSize
|
|
)
|
|
/*--
|
|
|
|
RoutineDescription :
|
|
|
|
Determines a stringable struct's length.
|
|
|
|
Arguments :
|
|
|
|
pMemory - Pointer to stringable struct.
|
|
ElementSize - Number of bytes of each string element.
|
|
|
|
Return :
|
|
|
|
Length of string.
|
|
|
|
--*/
|
|
{
|
|
long Length;
|
|
uchar Buffer[256];
|
|
|
|
// Note : String struct element size is limited to 256 bytes.
|
|
|
|
MIDL_memset( Buffer, 0, 256 );
|
|
|
|
for ( Length = 0; ; Length++ )
|
|
{
|
|
if ( memcmp( pMemory, Buffer, ElementSize ) == 0 )
|
|
break;
|
|
|
|
pMemory += ElementSize;
|
|
}
|
|
|
|
return Length;
|
|
}
|
|
|
|
void
|
|
NdrpCheckBound(
|
|
ulong Bound,
|
|
int Type
|
|
)
|
|
{
|
|
ulong Mask;
|
|
|
|
switch ( Type )
|
|
{
|
|
case FC_ULONG :
|
|
|
|
#if defined(__RPC_WIN64__)
|
|
case FC_UINT3264 :
|
|
case FC_INT3264 :
|
|
#endif
|
|
//
|
|
// We use a mask here which will raise an exception for counts
|
|
// of 2GB or more since this is the max NT allocation size.
|
|
//
|
|
Mask = 0x80000000UL;
|
|
break;
|
|
case FC_LONG :
|
|
Mask = 0x80000000UL;
|
|
break;
|
|
case FC_USHORT :
|
|
Mask = 0xffff0000UL;
|
|
break;
|
|
case FC_SHORT :
|
|
Mask = 0xffff8000UL;
|
|
break;
|
|
case FC_USMALL :
|
|
Mask = 0xffffff00UL;
|
|
break;
|
|
case FC_SMALL :
|
|
Mask = 0xffffff80UL;
|
|
break;
|
|
case 0 :
|
|
//
|
|
// For variance which requires calling an auxilary expression
|
|
// evaluation routine a type is not emitted in the format string.
|
|
// We have to just give up.
|
|
//
|
|
// The same thing happens with constant conformance type
|
|
// we emit zero on the var type nibble.
|
|
//
|
|
return;
|
|
default :
|
|
NDR_ASSERT( 0, "NdrpCheckBound : bad type" );
|
|
RpcRaiseException( RPC_S_INTERNAL_ERROR );
|
|
return;
|
|
}
|
|
|
|
if ( Bound & Mask )
|
|
RpcRaiseException( RPC_X_INVALID_BOUND );
|
|
}
|
|
|