| author | Jeremy Allison <jra@samba.org> | 2011-03-25 14:37:29 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2011-03-25 23:25:40 +0100 |
| commit | ad2e243f8d196a448c2b307feb57a9141c200cd1 (patch) | |
| tree | a0ebb4662fa83d1e74110c8a3dedf8d65dd60bdb /source3/lib | |
| parent | 5779460f3ffff0f929d0621b4ea4d1883abb878f (diff) | |
| download | samba-ad2e243f8d196a448c2b307feb57a9141c200cd1.tar.gz, samba-ad2e243f8d196a448c2b307feb57a9141c200cd1.tar.bz2, samba-ad2e243f8d196a448c2b307feb57a9141c200cd1.zip | |
Fix bug 8040 - smbclient segfaults when a Cyrillic netbios name or workgroup is configured.
As discovered by David Disseldorp <ddiss@suse.de>, convert_string_talloc()
doesn't always return consistent results for a zero length string. The
API states an incoming string must *always* contain the terminating null,
but unfortunately too much code expects passing in a zero source length
to return a null terminated string, so at least ensure we return a
correct null string in the required character set and return the
correct length.
Also ensure we cannot return a zero length for a converted string
(we ensure that the returned buffer is always allocated and zero
terminated anyway) as calling code depends on the fact that returning
true from this function will *always* return a non-zero length (as
it must include the terminating null).
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Mar 25 23:25:40 CET 2011 on sn-devel-104
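The commit message describes two contracts for a zero-length source: the old path handed back a one-byte "" with `*converted_size` of 0, while the fixed path returns a zero-filled buffer holding exactly one terminator in the target character set and reports that width as the size. The following C program is an added illustration, not code from the commit or from Samba: it models both paths with `malloc`/`calloc` in place of talloc, reduces `charset_t` to the members named in the patch, and pairs them with an assumed caller pattern (not shown on the page) that derives the payload length by subtracting the terminator width, which wraps to `SIZE_MAX` when handed a size of 0. `payload_len_checked` is the defensive form of that caller, refusing a size that cannot contain a terminator.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for Samba's charset_t (assumed subset: only the members the patch names). */
typedef enum { CH_UTF8, CH_UNIX, CH_UTF16LE, CH_UTF16BE, CH_UTF16MUNGED } charset_t;

/* Width in bytes of the terminating null in the target charset: 2 for the
   UTF-16 variants, 1 otherwise. This is the test the patch performs twice. */
size_t null_width(charset_t to) {
    return (to == CH_UTF16LE || to == CH_UTF16BE || to == CH_UTF16MUNGED) ? 2 : 1;
}

/* Model of the pre-patch srclen == 0 path: a single-byte "" regardless of the
   target charset, and a reported size of 0. */
bool convert_empty_old(charset_t to, char **dest, size_t *converted_size) {
    (void)to;
    char *ob = malloc(1);
    if (ob == NULL) { errno = ENOMEM; return false; }
    ob[0] = '\0';
    *dest = ob;
    *converted_size = 0;
    return true;
}

/* Model of the patched path: a zero-filled buffer of exactly one terminator in
   the target charset, with converted_size counting that terminator. */
bool convert_empty_new(charset_t to, char **dest, size_t *converted_size) {
    size_t destlen = null_width(to);
    char *ob = calloc(destlen, 1);
    if (ob == NULL) { errno = ENOMEM; return false; }
    *converted_size = destlen;
    *dest = ob;
    return true;
}

/* Assumed caller pattern: payload length = total size minus the terminator.
   Unsigned arithmetic wraps when converted_size is smaller than the width. */
size_t payload_len(charset_t to, size_t converted_size) {
    return converted_size - null_width(to);
}

/* Defensive caller: reject a size too small to hold a terminator instead of
   wrapping. Returns false when converted_size cannot be valid. */
bool payload_len_checked(charset_t to, size_t converted_size, size_t *out) {
    size_t w = null_width(to);
    if (converted_size < w) return false;
    *out = converted_size - w;
    return true;
}

/* Run one conversion of an empty string through either model and return what
   the naive caller computes from the reported size. */
size_t empty_payload_len(charset_t to, bool patched) {
    char *dest = NULL;
    size_t n = 0;
    bool ok = patched ? convert_empty_new(to, &dest, &n)
                      : convert_empty_old(to, &dest, &n);
    if (!ok) return SIZE_MAX;
    size_t len = payload_len(to, n);
    free(dest);
    return len;
}

int main(void) {
    printf("old, UTF16LE: reported size 0 -> payload %zu (wrapped)\n",
           empty_payload_len(CH_UTF16LE, false));
    printf("new, UTF16LE: payload %zu\n", empty_payload_len(CH_UTF16LE, true));
    printf("new, UTF8:    payload %zu\n", empty_payload_len(CH_UTF8, true));
    return 0;
}
```

The wrapped value is the failure mode a caller sees when the reported size omits the terminator; the patched contract makes `converted_size - null_width(to)` safe for every successful return, and `payload_len_checked` shows the extra guard a caller can keep even so.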
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/charcnv.c | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c index 0be86ef828..f95442a49f 100644 --- a/source3/lib/charcnv.c +++ b/source3/lib/charcnv.c @@ -389,14 +389,24 @@ bool convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to, errno = EINVAL; return false; } + if (srclen == 0) { - ob = talloc_strdup(ctx, ""); + /* We really should treat this as an error, but + there are too many callers that need this to + return a NULL terminated string in the correct + character set. */ + if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED) { + destlen = 2; + } else { + destlen = 1; + } + ob = talloc_zero_array(ctx, char, destlen); if (ob == NULL) { errno = ENOMEM; return false; } + *converted_size = destlen; *dest = ob; - *converted_size = 0; return true; } @@ -480,6 +490,17 @@ bool convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to, ob[destlen] = '\0'; ob[destlen+1] = '\0'; + /* Ensure we can never return a *converted_size of zero. */ + if (destlen == 0) { + /* As we're now returning false on a bad smb_iconv call, + this should never happen. But be safe anyway. */ + if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED) { + destlen = 2; + } else { + destlen = 1; + } + } + *converted_size = destlen; return true; } |
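Review bot: in the srclen == 0 hunk the charset test `to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED` is repeated verbatim in the second hunk of the same function; factor it into one small static helper (say `is_utf16_charset(to)`, a hypothetical name) so the two sites cannot drift apart, and add the missing space after `CH_UTF16LE`. The new comment admits that a zero srclen breaks the documented contract (the caller must pass the terminating null); since callers now rely on getting a correctly sized null string and a non-zero `*converted_size` back, the function's API doc comment should state that srclen == 0 behaviour explicitly rather than leaving it only in the inline comment. The ordering change (`*converted_size = destlen` before `*dest = ob`) is fine and the `talloc_zero_array` of 1 or 2 bytes yields a correct terminator in either width.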
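Review bot: the destlen == 0 fallback in the second hunk silently repairs a condition the comment itself says "should never happen"; log it (Samba's DEBUG() macro at a low level, or SMB_ASSERT in debug builds) so that an smb_iconv call which produced no output shows up in the logs instead of being papered over. The fallback is in bounds: the preceding lines write `ob[destlen] = '\0'; ob[destlen+1] = '\0';`, so the buffer holds at least destlen + 2 bytes and raising destlen to 1 or 2 stays inside it, and because those two writes already zeroed `ob[0]` and `ob[1]` when destlen was 0, the returned buffer is a properly terminated empty string in either width. The UTF16 test is the same duplicated expression as in the first hunk and would use the same helper.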