author | Luke Leighton <lkcl@samba.org> | 1998-10-27 15:03:47 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-10-27 15:03:47 +0000 |
commit | 528c3d3e682ce85d8b041a1396e59f5229716e71 (patch) | |
tree | 6cf77109368d04a74e1bc381a0b4edfbf86da8dd /source3/rpc_parse/parse_misc.c | |
parent | 03893a1ab9f87965746fa3255c35337e0dabd8ae (diff) | |
amazing. the improvements to NT continue, evidence for which shows up
now as "RPC fault" if the UNIHDR structure lengths do not exactly
match up to the length of the data stream.
so, all versions of samba prior to this one have an off-by-one bug
in unicode string lengths.
all versions of NT prior to NT 5 beta 2 could possibly have buffer
problems when receiving badly formatted UNICODE strings.
(This used to be commit 161eb6f511e161b63c1fa90a08c562fcf208344a)
Diffstat (limited to 'source3/rpc_parse/parse_misc.c')
-rw-r--r-- | source3/rpc_parse/parse_misc.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 5144ef8c31..4cb606688d 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -395,7 +395,7 @@ void make_buf_unistr2(UNISTR2 *str, uint32 *ptr, char *buf)
 if (buf != NULL)
 {
 *ptr = 1;
- make_unistr2(str, buf, strlen(buf));
+ make_unistr2(str, buf, strlen(buf)+1);
 }
 else
 {
@@ -475,10 +475,10 @@ creates a UNISTR2 structure.
 ********************************************************************/
 void make_unistr2(UNISTR2 *str, char *buf, int len)
 {
- /* set up string lengths. add one if string is not null-terminated */
- str->uni_max_len = len+1;
+ /* set up string lengths. */
+ str->uni_max_len = len;
 str->undoc = 0;
- str->uni_str_len = len+1;
+ str->uni_str_len = len;
 /* store the string (null-terminated 8 bit chars into 16 bit chars) */
 struni2(str->buffer, buf);
@@ -608,7 +608,7 @@ static void make_clnt_srv(DOM_CLNT_SRV *log, char *logon_srv, char *comp_name)
 if (logon_srv != NULL)
 {
 log->undoc_buffer = 1;
- make_unistr2(&(log->uni_logon_srv), logon_srv, strlen(logon_srv));
+ make_unistr2(&(log->uni_logon_srv), logon_srv, strlen(logon_srv)+1);
 }
 else
 {
@@ -618,7 +618,7 @@ static void make_clnt_srv(DOM_CLNT_SRV *log, char *logon_srv, char *comp_name)
 if (comp_name != NULL)
 {
 log->undoc_buffer2 = 1;
- make_unistr2(&(log->uni_comp_name), comp_name, strlen(comp_name));
+ make_unistr2(&(log->uni_comp_name), comp_name, strlen(comp_name)+1);
 }
 else
 {
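Review bot: The terminator adjustment now lives at the call site in make_buf_unistr2 (`strlen(buf)+1`), and the same expression is repeated in both make_clnt_srv hunks and in the make_log_info hunk, so the lengths sent on the wire are right only if every caller of make_unistr2 remembers it. The diffstat is limited to this file, so any caller elsewhere that still passes `strlen(buf)` would now produce lengths one short, and nothing in the visible code would catch that. A short comment at each site, e.g. `/* length passed to make_unistr2 includes the terminating null */`, or one helper that derives the length from the string, would keep the convention in a single place. The body of make_buf_unistr2 starts and ends outside the hunk.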
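Review bot: In make_unistr2 both length fields are taken from the caller's `len`, while `struni2(str->buffer, buf)` copies up to the null terminator of `buf` without reference to `len`, so the header lengths and the stored data can disagree whenever a caller passes anything other than `strlen(buf)+1`. The copy is also presumably not bounded by the capacity of `str->buffer`; its declaration is not visible in this hunk, so that needs confirming. Since the commit message ties exact length agreement to RPC faults on the receiving side, the shortened comment should state the contract, e.g. `/* len = character count including the terminating null; callers pass strlen(buf)+1 */`, and `len` should be checked against the buffer capacity before the copy. The function body continues past the end of the hunk.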
@@ -665,12 +665,12 @@ void make_log_info(DOM_LOG_INFO *log, char *logon_srv, char *acct_name,
 log->undoc_buffer = 1;
- make_unistr2(&(log->uni_logon_srv), logon_srv, strlen(logon_srv));
- make_unistr2(&(log->uni_acct_name), acct_name, strlen(acct_name));
+ make_unistr2(&(log->uni_logon_srv), logon_srv, strlen(logon_srv)+1);
+ make_unistr2(&(log->uni_acct_name), acct_name, strlen(acct_name)+1);
 log->sec_chan = sec_chan;
- make_unistr2(&(log->uni_comp_name), comp_name, strlen(comp_name));
+ make_unistr2(&(log->uni_comp_name), comp_name, strlen(comp_name)+1);
 }
 /******************************************************************* |
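Review bot: make_log_info calls `strlen(logon_srv)`, `strlen(acct_name)` and `strlen(comp_name)` with no NULL test visible in this hunk, whereas make_buf_unistr2 and make_clnt_srv guard each string with `!= NULL` before the same call. If any of these pointers can be NULL when it reaches this function, strlen() on it is undefined behaviour. A guard in the style of the sibling functions, e.g. `if (logon_srv == NULL || acct_name == NULL || comp_name == NULL) return;`, would make the three builders consistent, though an early return leaves the structure partly filled and the caller would need to tolerate that. The function starts outside the hunk, so a check may already exist above the first context line.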