diff options
author | Jeremy Allison <jra@samba.org> | 2007-04-17 02:14:28 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:19:24 -0500 |
commit | 2da54a66b970917ca5290001af0f4ab7adf68460 (patch) | |
tree | 1d1bf7c3f6d5702f70d7c3137412dc9a47763276 | |
parent | e459831b5a672683dcf63cac6ebb4b76e62e6549 (diff) | |
download | samba-2da54a66b970917ca5290001af0f4ab7adf68460.tar.gz samba-2da54a66b970917ca5290001af0f4ab7adf68460.tar.bz2 samba-2da54a66b970917ca5290001af0f4ab7adf68460.zip |
r22291: Fix off-by-one in tconX parsing.
Jeremy.
(This used to be commit bc6ac4feac8c62cda2b6151eb648d3d5979e8a95)
-rw-r--r-- | source3/smbd/reply.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index eb4106b0c1..3d0f8a3ca8 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -469,13 +469,22 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt if (global_encrypted_passwords_negotiated) { password = data_blob(smb_buf(inbuf),passlen); + if (lp_security() == SEC_SHARE) { + /* + * Security = share always has a pad byte + * after the password. + */ + p = smb_buf(inbuf) + passlen + 1; + } else { + p = smb_buf(inbuf) + passlen; + } } else { password = data_blob(smb_buf(inbuf),passlen+1); /* Ensure correct termination */ - password.data[passlen]=0; + password.data[passlen]=0; + p = smb_buf(inbuf) + passlen + 1; } - p = smb_buf(inbuf) + passlen; p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE); /* |