r13585: Sorry Gunther, had to revert this. It's got a buffer

overrun. Spoke to Jerry about the correct fix. Will add
this after.
Jeremy.
(This used to be commit 33e13aabd3825c59d15dc897536e2ccf8c8f6d5e)

1 files changed, 11 insertions, 3 deletions

diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index bb4236c4fc..55e736ce6a 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -42,7 +42,16 @@ static BOOL pac_io_logon_name(const char *desc, PAC_LOGON_NAME *logon_name,
 	if (!prs_uint16("len", ps, depth, &logon_name->len))
 		return False;
 
-	if (!prs_string_len("name", ps, depth, logon_name->username, logon_name->len))
+	if (UNMARSHALLING(ps) && logon_name->len) {
+		logon_name->username = PRS_ALLOC_MEM(ps, uint16, logon_name->len);
+		if (!logon_name->username) {
+			DEBUG(3, ("No memory available\n"));
+			return False;
+		}
+	}
+
+	if (!prs_uint16s(True, "name", ps, depth, logon_name->username, 
+			 (logon_name->len / sizeof(uint16))))
 		return False;
 
 	return True;
@@ -882,8 +891,7 @@ static void dump_pac_logon_info(PAC_LOGON_INFO *logon_info) {
 		nt_status = NT_STATUS_INVALID_PARAMETER;
 		goto out;
 	}
-
-	rpcstr_pull(username, logon_name->username, sizeof(username), logon_name->len, 0);
+	rpcstr_pull(username, logon_name->username, sizeof(username), -1, STR_TERMINATE);
 
 	ret = smb_krb5_parse_name_norealm(context, username, &client_principal_pac);
 	if (ret) {