This removes the 3rd argument from init_unistr2(). There were 240

calls to init_unistr2() in the code and every one of them got the 3rd
argument incorrect, so I thought it best just to remove the argument.

The incorrect usage was caused by callers using strlen() to determine
the length of the string. The 3rd argument to init_unistr2() was
supposed to be the character length, not the byte length of the
string, so for non-english this could come out wrong.

I also removed the bogus 'always allocate at least 256 bytes'
hack. There may be some code that relies on this, but if there is then
the code is broken and needs fixing.
(This used to be commit b9eff31b1433c81fbff733e194914a40f25e3bda)

1 files changed, 28 insertions, 31 deletions

diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 9d3bd6f28a..020c49cba1 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -766,12 +766,12 @@ void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf)
 	if (buf != NULL) {
 
 		*ptr = 1;
-		init_unistr2(str, buf, strlen(buf)+1);
+		init_unistr2(str, buf);
 
 	} else {
 
 		*ptr = 0;
-		init_unistr2(str, "", 0);
+		init_unistr2(str, "");
 
 	}
 }
@@ -881,37 +881,34 @@ BOOL smb_io_string2(const char *desc, STRING2 *str2, uint32 buffer, prs_struct *
 }
 
 /*******************************************************************
- Inits a UNISTR2 structure.
+ Inits a UNISTR2 structure.  This function used to deliberately
+ over-allocate to a minimum of 256 bytes. That is rather silly, and
+ just hides potential bugs. If you need to overallocate then don't use
+ this function!
 ********************************************************************/
-
-void init_unistr2(UNISTR2 *str, const char *buf, size_t len)
+void init_unistr2(UNISTR2 *str, const char *buf)
 {
-	ZERO_STRUCTP(str);
+	size_t len;
 
-	/* set up string lengths. */
-	str->uni_max_len = (uint32)len;
-	str->undoc       = 0;
-	str->uni_str_len = (uint32)len;
+	if (!buf) {
+		/* this is incorrect, but is needed to cope with some 
+		   broken code that assumes this function will always 
+		   return a valid initialised UNISTR2 */
+		buf = "";
+	}
 
-	if (len < MAX_UNISTRLEN)
-		len = MAX_UNISTRLEN;
-	len *= sizeof(uint16);
+	len = push_ucs2_talloc(get_talloc_ctx() , &str->buffer, buf);
 
-	str->buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
-	if ((str->buffer == NULL) && (len > 0))
-	{
-		smb_panic("init_unistr2: malloc fail\n");
-		return;
+	if (len == -1) {
+		/* oops - we can't convert the string? */
+		smb_panic("failed to convert string in init_unistr2");
 	}
 
-	/*
-	 * don't move this test above ! The UNISTR2 must be initialized !!!
-	 * jfm, 7/7/2001.
-	 */
-	if (buf==NULL)
-		return;
-
-	rpcstr_push((char *)str->buffer, buf, len, STR_TERMINATE);
+	/* set up string lengths. Note that len is guaranteed to be a
+	 * multiple of 2 from push_ucs2 */
+	str->uni_max_len = len/2;
+	str->undoc       = 0;
+	str->uni_str_len = len/2;
 }
 
 /** 
@@ -1192,14 +1189,14 @@ static void init_clnt_srv(DOM_CLNT_SRV *log, const char *logon_srv, const char *
 
 	if (logon_srv != NULL) {
 		log->undoc_buffer = 1;
-		init_unistr2(&log->uni_logon_srv, logon_srv, strlen(logon_srv)+1);
+		init_unistr2(&log->uni_logon_srv, logon_srv);
 	} else {
 		log->undoc_buffer = 0;
 	}
 
 	if (comp_name != NULL) {
 		log->undoc_buffer2 = 1;
-		init_unistr2(&log->uni_comp_name, comp_name, strlen(comp_name)+1);
+		init_unistr2(&log->uni_comp_name, comp_name);
 	} else {
 		log->undoc_buffer2 = 0;
 	}
@@ -1253,12 +1250,12 @@ void init_log_info(DOM_LOG_INFO *log, const char *logon_srv, const char *acct_na
 
 	log->undoc_buffer = 1;
 
-	init_unistr2(&log->uni_logon_srv, logon_srv, strlen(logon_srv)+1);
-	init_unistr2(&log->uni_acct_name, acct_name, strlen(acct_name)+1);
+	init_unistr2(&log->uni_logon_srv, logon_srv);
+	init_unistr2(&log->uni_acct_name, acct_name);
 
 	log->sec_chan = sec_chan;
 
-	init_unistr2(&log->uni_comp_name, comp_name, strlen(comp_name)+1);
+	init_unistr2(&log->uni_comp_name, comp_name);
 }
 
 /*******************************************************************