summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-02-21 03:08:42 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:10:16 -0500
commit115996503ced64c478ed1cc857bd5a1528644b46 (patch)
treed0874a47a658c1a3d99c895a24ef7d10d4b02d22
parent4ea92f30985466489a3b3faf5a1c90667175aad6 (diff)
downloadsamba-115996503ced64c478ed1cc857bd5a1528644b46.tar.gz
samba-115996503ced64c478ed1cc857bd5a1528644b46.tar.bz2
samba-115996503ced64c478ed1cc857bd5a1528644b46.zip
r13585: Sorry Gunther, had to revert this. It's got a buffer
overrun. Spoke to Jerry about the correct fix. Will add this after. Jeremy. (This used to be commit 33e13aabd3825c59d15dc897536e2ccf8c8f6d5e)
-rw-r--r--source3/include/authdata.h2
-rw-r--r--source3/libads/authdata.c14
-rw-r--r--source3/rpc_parse/parse_prs.c43
3 files changed, 12 insertions, 47 deletions
diff --git a/source3/include/authdata.h b/source3/include/authdata.h
index 7e047687b7..194429ab67 100644
--- a/source3/include/authdata.h
+++ b/source3/include/authdata.h
@@ -42,7 +42,7 @@
typedef struct pac_logon_name {
NTTIME logon_time;
uint16 len;
- fstring username;
+ uint16 *username; /* might not be null terminated, so not UNISTR */
} PAC_LOGON_NAME;
typedef struct pac_signature_data {
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index bb4236c4fc..55e736ce6a 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -42,7 +42,16 @@ static BOOL pac_io_logon_name(const char *desc, PAC_LOGON_NAME *logon_name,
if (!prs_uint16("len", ps, depth, &logon_name->len))
return False;
- if (!prs_string_len("name", ps, depth, logon_name->username, logon_name->len))
+ if (UNMARSHALLING(ps) && logon_name->len) {
+ logon_name->username = PRS_ALLOC_MEM(ps, uint16, logon_name->len);
+ if (!logon_name->username) {
+ DEBUG(3, ("No memory available\n"));
+ return False;
+ }
+ }
+
+ if (!prs_uint16s(True, "name", ps, depth, logon_name->username,
+ (logon_name->len / sizeof(uint16))))
return False;
return True;
@@ -882,8 +891,7 @@ static void dump_pac_logon_info(PAC_LOGON_INFO *logon_info) {
nt_status = NT_STATUS_INVALID_PARAMETER;
goto out;
}
-
- rpcstr_pull(username, logon_name->username, sizeof(username), logon_name->len, 0);
+ rpcstr_pull(username, logon_name->username, sizeof(username), -1, STR_TERMINATE);
ret = smb_krb5_parse_name_norealm(context, username, &client_principal_pac);
if (ret) {
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 857a24cf0e..c4f9f512ab 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -1333,49 +1333,6 @@ BOOL prs_string_alloc(const char *name, prs_struct *ps, int depth, const char **
}
/*******************************************************************
- Stream a null-terminated string of fixed len.
- ********************************************************************/
-
-BOOL prs_string_len(const char *name, prs_struct *ps, int depth, char *str, int len)
-{
- char *q;
- int i;
- BOOL charmode = True;
-
- q = prs_mem_get(ps, len+1);
- if (q == NULL)
- return False;
-
- for(i = 0; i < len; i++) {
- if (UNMARSHALLING(ps))
- str[i] = q[i];
- else
- q[i] = str[i];
- }
-
- /* The terminating null. */
- str[i] = '\0';
-
- if (MARSHALLING(ps)) {
- q[i] = '\0';
- }
-
- ps->data_offset += len+1;
-
- DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
- if (charmode) {
- print_asc(5, (unsigned char*)str, len);
- } else {
- for (i = 0; i < len; i++)
- DEBUG(5,("%04x ", str[i]));
- }
- DEBUG(5,("\n"));
-
- return True;
-}
-
-
-/*******************************************************************
prs_uint16 wrapper. Call this and it sets up a pointer to where the
uint16 should be stored, or gets the size if reading.
********************************************************************/