author | Stefan Metzmacher <metze@samba.org> | 2010-01-28 18:52:46 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2010-01-29 15:55:10 +0100 |
commit | c50a17cc8d6bc23f03c3d44ceccebce06417ba21 (patch) | |
tree | 90f8b3db65a0925afb65b0d2903cfbe256a233b8 | |
parent | a20b43f23f2254edb1fcd6d3916dd57e6a4778ee (diff) | |
libcli/nbt: fix ndr_pull/push_wrepl_nbt_name()
[MS-WINSRA] — v20091104 was wrong
regarding section "2.2.10.1 Name Record"
If the name buffer is already 4 byte aligned
Windows (at least 2003 SP1 and 2008) add 4 extra
bytes. This can happen when the name has a scope.
metze
-rw-r--r-- | libcli/nbt/nbtname.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/libcli/nbt/nbtname.c b/libcli/nbt/nbtname.c
index 338cb21089..1650ff96ae 100644
--- a/libcli/nbt/nbtname.c
+++ b/libcli/nbt/nbtname.c
@@ -517,6 +517,19 @@ _PUBLIC_ enum ndr_err_code ndr_pull_wrepl_nbt_name(struct ndr_pull *ndr, int ndr
 NDR_PULL_ALLOC_N(ndr, namebuf, namebuf_len);
 NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));

+ if ((namebuf_len % 4) == 0) {
+ /*
+ * [MS-WINSRA] — v20091104 was wrong
+ * regarding section "2.2.10.1 Name Record"
+ *
+ * If the name buffer is already 4 byte aligned
+ * Windows (at least 2003 SP1 and 2008) add 4 extra
+ * bytes. This can happen when the name has a scope.
+ */
+ uint32_t pad;
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &pad));
+ }
+
 NDR_PULL_ALLOC(ndr, r);

 /* oh wow, what a nasty bug in windows ... */
@@ -615,6 +628,18 @@ _PUBLIC_ enum ndr_err_code ndr_push_wrepl_nbt_name(struct ndr_push *ndr, int ndr
 NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, namebuf_len));
 NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));

+ if ((namebuf_len % 4) == 0) {
+ /*
+ * [MS-WINSRA] — v20091104 was wrong
+ * regarding section "2.2.10.1 Name Record"
+ *
+ * If the name buffer is already 4 byte aligned
+ * Windows (at least 2003 SP1 and 2008) add 4 extra
+ * bytes. This can happen when the name has a scope.
+ */
+ NDR_CHECK(ndr_push_zero(ndr, 4));
+ }
+
 talloc_free(namebuf);
 return NDR_ERR_SUCCESS;
 }
|
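Review bot: In ndr_pull_wrepl_nbt_name the new branch consumes four bytes whenever `namebuf_len % 4 == 0` and discards `pad` without looking at it, so a record from a peer that does not send the extra bytes (the layout [MS-WINSRA] documents, and presumably what a Samba build without this commit pushes) loses the first four bytes of its next field and the rest is misparsed. Because this parses data received from a replication partner, the comment should state that assumption, e.g. `/* pad is not validated; a peer that omits it desynchronises the rest of the record */`. The check that bounds `namebuf_len` lies outside the hunk; confirm it rejects 0, since 0 also satisfies the modulo test. The function body starts and ends outside the hunk.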
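Review bot: The added `NDR_CHECK(ndr_push_zero(ndr, 4));` in ndr_push_wrepl_nbt_name sits before `talloc_free(namebuf);`, so a failed push returns early through NDR_CHECK and skips the free; the context line with `ndr_push_array_uint8` already has the same shape. The allocation of `namebuf` is outside the hunk, so if it is parented to `ndr` this is only a delayed release, otherwise it is a leak. Nothing in the new block reads `namebuf`, so moving `talloc_free(namebuf);` to just above `if ((namebuf_len % 4) == 0) {` closes the new path. The explanatory comment is duplicated verbatim from the pull side; keeping one copy and pointing to it from the other would stop the two drifting apart.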