diff options
| author | Jeremy Allison <jra@samba.org> | 2007-03-30 22:25:08 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:19:01 -0500 |
| commit | 261c004d7bf85de945a1a3956c1d8f15075bc224 (patch) | |
| tree | 3bacb2553161bece2fe06d3a6c29a0f4b82de97c /source3/nmbd/nmbd_processlogon.c | |
| parent | b0bcb483697249123f92f5ac477c98b579135887 (diff) | |
| download | samba-261c004d7bf85de945a1a3956c1d8f15075bc224.tar.gz samba-261c004d7bf85de945a1a3956c1d8f15075bc224.tar.bz2 samba-261c004d7bf85de945a1a3956c1d8f15075bc224.zip | |
r22014: Make us pass RANDOMIPC test again :-(. This is an ugly check-in,
but I've no option.
Jeremy.
(This used to be commit c3a565081d70b209a4f9e6e8f1859bf7194a5f74)
Diffstat (limited to 'source3/nmbd/nmbd_processlogon.c')
| -rw-r--r-- | source3/nmbd/nmbd_processlogon.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c index 232f430b66..6b10d61267 100644 --- a/source3/nmbd/nmbd_processlogon.c +++ b/source3/nmbd/nmbd_processlogon.c @@ -91,7 +91,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); pstrcpy(my_name, global_myname()); - code = SVAL(buf,0); + code = get_safe_offset(buf,len,buf,2) ? SVAL(buf,0) : -1; DEBUG(4,("process_logon_packet: Logon from %s: code = 0x%x\n", inet_ntoa(p->ip), code)); switch (code) { @@ -100,21 +100,21 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); fstring mach_str, user_str, getdc_str; char *q = buf + 2; char *machine = q; - char *user = skip_string(machine,1); + char *user = skip_string(buf,len,machine,1); - if (PTR_DIFF(user, buf) >= len) { + if (!user || PTR_DIFF(user, buf) >= len) { DEBUG(0,("process_logon_packet: bad packet\n")); return; } - getdc = skip_string(user,1); + getdc = skip_string(buf,len,user,1); - if (PTR_DIFF(getdc, buf) >= len) { + if (!getdc || PTR_DIFF(getdc, buf) >= len) { DEBUG(0,("process_logon_packet: bad packet\n")); return; } - q = skip_string(getdc,1); + q = skip_string(buf,len,getdc,1); - if (PTR_DIFF(q + 5, buf) > len) { + if (!q || PTR_DIFF(q + 5, buf) > len) { DEBUG(0,("process_logon_packet: bad packet\n")); return; } @@ -136,7 +136,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); fstrcpy(reply_name, "\\\\"); fstrcat(reply_name, my_name); push_ascii_fstring(q, reply_name); - q = skip_string(q, 1); /* PDC name */ + q = skip_string(outbuf,sizeof(outbuf),q, 1); /* PDC name */ SSVAL(q, 0, token); q += 2; @@ -164,15 +164,15 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); return; } - getdc = skip_string(machine,1); + getdc = skip_string(buf,len,machine,1); - if (PTR_DIFF(getdc, buf) >= len) { + if (!getdc || PTR_DIFF(getdc, buf) >= len) { DEBUG(0,("process_logon_packet: bad packet\n")); return; } - q = skip_string(getdc,1); + q = skip_string(buf,len,getdc,1); - if (PTR_DIFF(q, buf) >= len) { + if (!q || PTR_DIFF(q, buf) >= len) { DEBUG(0,("process_logon_packet: bad packet\n")); return; } @@ -232,7 +232,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); fstrcpy(reply_name,my_name); push_ascii_fstring(q, reply_name); - q = skip_string(q, 1); /* PDC name */ + q = skip_string(outbuf,sizeof(outbuf),q, 1); /* PDC name */ /* PDC and domain name */ if (!short_request) { @@ -301,9 +301,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", return; } - q = skip_string(getdc,1); + q = skip_string(buf,len,getdc,1); - if (PTR_DIFF(q + 8, buf) >= len) { + if (!q || PTR_DIFF(q + 8, buf) >= len) { DEBUG(0,("process_logon_packet: bad packet\n")); return; } @@ -540,16 +540,16 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", /* Domain info */ - q = skip_string(q, 1); /* PDC name */ + q = skip_string(buf,len,q, 1); /* PDC name */ - if (PTR_DIFF(q, buf) >= len) { + if (!q || PTR_DIFF(q, buf) >= len) { DEBUG(0,("process_logon_packet: bad packet\n")); return; } - q = skip_string(q, 1); /* Domain name */ + q = skip_string(buf,len,q, 1); /* Domain name */ - if (PTR_DIFF(q, buf) >= len) { + if (!q || PTR_DIFF(q, buf) >= len) { DEBUG(0,("process_logon_packet: bad packet\n")); return; } |