diff options
| author | Jeremy Allison <jra@samba.org> | 2006-02-21 03:08:42 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:10:16 -0500 |
| commit | 115996503ced64c478ed1cc857bd5a1528644b46 (patch) | |
| tree | d0874a47a658c1a3d99c895a24ef7d10d4b02d22 | |
| parent | 4ea92f30985466489a3b3faf5a1c90667175aad6 (diff) | |
| download | samba-115996503ced64c478ed1cc857bd5a1528644b46.tar.gz samba-115996503ced64c478ed1cc857bd5a1528644b46.tar.bz2 samba-115996503ced64c478ed1cc857bd5a1528644b46.zip | |
r13585: Sorry Gunther, had to revert this. It's got a buffer
overrun. Spoke to Jerry about the correct fix. Will add
this after.
Jeremy.
(This used to be commit 33e13aabd3825c59d15dc897536e2ccf8c8f6d5e)
| -rw-r--r-- | source3/include/authdata.h | 2 | ||||
| -rw-r--r-- | source3/libads/authdata.c | 14 | ||||
| -rw-r--r-- | source3/rpc_parse/parse_prs.c | 43 |
3 files changed, 12 insertions, 47 deletions
diff --git a/source3/include/authdata.h b/source3/include/authdata.h index 7e047687b7..194429ab67 100644 --- a/source3/include/authdata.h +++ b/source3/include/authdata.h @@ -42,7 +42,7 @@ typedef struct pac_logon_name { NTTIME logon_time; uint16 len; - fstring username; + uint16 *username; /* might not be null terminated, so not UNISTR */ } PAC_LOGON_NAME; typedef struct pac_signature_data { diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index bb4236c4fc..55e736ce6a 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -42,7 +42,16 @@ static BOOL pac_io_logon_name(const char *desc, PAC_LOGON_NAME *logon_name, if (!prs_uint16("len", ps, depth, &logon_name->len)) return False; - if (!prs_string_len("name", ps, depth, logon_name->username, logon_name->len)) + if (UNMARSHALLING(ps) && logon_name->len) { + logon_name->username = PRS_ALLOC_MEM(ps, uint16, logon_name->len); + if (!logon_name->username) { + DEBUG(3, ("No memory available\n")); + return False; + } + } + + if (!prs_uint16s(True, "name", ps, depth, logon_name->username, + (logon_name->len / sizeof(uint16)))) return False; return True; @@ -882,8 +891,7 @@ static void dump_pac_logon_info(PAC_LOGON_INFO *logon_info) { nt_status = NT_STATUS_INVALID_PARAMETER; goto out; } - - rpcstr_pull(username, logon_name->username, sizeof(username), logon_name->len, 0); + rpcstr_pull(username, logon_name->username, sizeof(username), -1, STR_TERMINATE); ret = smb_krb5_parse_name_norealm(context, username, &client_principal_pac); if (ret) { diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index 857a24cf0e..c4f9f512ab 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -1333,49 +1333,6 @@ BOOL prs_string_alloc(const char *name, prs_struct *ps, int depth, const char ** } /******************************************************************* - Stream a null-terminated string of fixed len. - ********************************************************************/ - -BOOL prs_string_len(const char *name, prs_struct *ps, int depth, char *str, int len) -{ - char *q; - int i; - BOOL charmode = True; - - q = prs_mem_get(ps, len+1); - if (q == NULL) - return False; - - for(i = 0; i < len; i++) { - if (UNMARSHALLING(ps)) - str[i] = q[i]; - else - q[i] = str[i]; - } - - /* The terminating null. */ - str[i] = '\0'; - - if (MARSHALLING(ps)) { - q[i] = '\0'; - } - - ps->data_offset += len+1; - - DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name)); - if (charmode) { - print_asc(5, (unsigned char*)str, len); - } else { - for (i = 0; i < len; i++) - DEBUG(5,("%04x ", str[i])); - } - DEBUG(5,("\n")); - - return True; -} - - -/******************************************************************* prs_uint16 wrapper. Call this and it sets up a pointer to where the uint16 should be stored, or gets the size if reading. ********************************************************************/ |