5.1 Security Considerations for Implementers

The enumeration methods require the server to return the correct number of objects linked in the returned linked list. For example, the DWORD variable passed in the pdwNumRules parameter of RRPC_FWEnumFirewallRules (Opnum 9) must be equal to the actual number of rules returned in ppRules.

However, the client cannot assume that the object count reported by the server is accurate. The client can allocate a buffer based on the rule count; however, while filling the buffer, the client has to actively validate that the number of objects in the buffer does not exceed the object count. Failure to perform this validation could result in buffer overruns on the client.
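The client-side check described above, as an added example that is not part of the protocol specification. RULE_NODE is a hypothetical, simplified stand-in for the real rule structure, and copy_rules, MAX_RULES and the return codes are names assumed for illustration. Rejecting a list that is shorter than the count is an extra assumption; the text only requires that the count is never exceeded.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified node of the linked list returned in ppRules;
   the real rule structure carries many more fields. */
typedef struct RULE_NODE {
    struct RULE_NODE *pNext;
    uint32_t id;                  /* constructed field for the demo */
} RULE_NODE;

enum { COPY_OK = 0, COPY_BAD_COUNT = -1, COPY_TOO_MANY = -2,
       COPY_TOO_FEW = -3, COPY_NOMEM = -4 };

#define MAX_RULES 65536u          /* assumed local sanity cap on the count */

/* Copies the rule ids from the server's list into a newly allocated array
   sized from the claimed count (the pdwNumRules value). The walk follows
   the list itself, so every write is checked against the allocation. */
int copy_rules(const RULE_NODE *pRules, uint32_t dwNumRules, uint32_t **out)
{
    const RULE_NODE *p;
    uint32_t *buf, n = 0;

    *out = NULL;
    if (dwNumRules > MAX_RULES)
        return COPY_BAD_COUNT;
    buf = calloc(dwNumRules ? dwNumRules : 1, sizeof *buf);
    if (buf == NULL)
        return COPY_NOMEM;

    for (p = pRules; p != NULL; p = p->pNext) {
        /* List longer than the count (or cyclic): stop before the write
           that would land past the end of buf. */
        if (n >= dwNumRules) {
            free(buf);
            return COPY_TOO_MANY;
        }
        buf[n++] = p->id;
    }
    if (n != dwNumRules) {        /* list shorter than the claimed count */
        free(buf);
        return COPY_TOO_FEW;
    }
    *out = buf;                   /* caller frees */
    return COPY_OK;
}
```

Because the bound is checked before each write, a list that loops back on itself also terminates with COPY_TOO_MANY instead of walking forever.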