authorLuke Leighton <lkcl@samba.org>1998-10-27 15:03:47 +0000
committerLuke Leighton <lkcl@samba.org>1998-10-27 15:03:47 +0000
commit528c3d3e682ce85d8b041a1396e59f5229716e71 (patch)
tree6cf77109368d04a74e1bc381a0b4edfbf86da8dd /source3/rpc_parse/parse_net.c
parent03893a1ab9f87965746fa3255c35337e0dabd8ae (diff)
amazing. the improvements to NT continue, evidence for which shows up
now as "RPC fault" if the UNIHDR structure lengths do not exactly match up to the length of the data stream. so, all versions of samba prior to this one have an off-by-one bug in unicode string lengths. all versions of NT prior to NT 5 beta 2 could possibly have buffer problems when receiving badly formatted UNICODE strings. (This used to be commit 161eb6f511e161b63c1fa90a08c562fcf208344a)
Diffstat (limited to 'source3/rpc_parse/parse_net.c')
-rw-r--r--source3/rpc_parse/parse_net.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index d99c4baac6..57fc73e516 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -116,7 +116,7 @@ static void make_netinfo_2(NETLOGON_INFO_2 *info, uint32 flags, uint32 pdc_statu
if (trusted_dc_name != NULL)
{
- make_unistr2(&(info->uni_trusted_dc_name), trusted_dc_name, len_dc_name);
+ make_unistr2(&(info->uni_trusted_dc_name), trusted_dc_name, len_dc_name+1);
}
else
{
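Review bot: The `+1` that makes the UNISTR2 length cover the terminating NUL is applied by hand at this call and again at the call sites in make_r_trust_dom and make_q_req_chal, so the convention lives in the callers and any make_unistr2 call not touched by this commit keeps the old length. make_unistr2's body is not visible in this diff; it is worth confirming that it bounds the passed length against the destination buffer, since every caller now asks it to copy one more character than before. If the adjustment stays at the call sites, a comment such as `/* length counts the terminating NUL; NT faults the RPC when header and data lengths disagree */` would record why. make_netinfo_2 begins and ends outside the hunk, and len_dc_name is computed outside it.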
@@ -294,7 +294,7 @@ void make_r_trust_dom(NET_R_TRUST_DOM_LIST *r_t,
fstring domain_name;
fstrcpy(domain_name, dom_name);
strupper(domain_name);
- make_unistr2(&(r_t->uni_trust_dom_name[i]), domain_name, strlen(domain_name));
+ make_unistr2(&(r_t->uni_trust_dom_name[i]), domain_name, strlen(domain_name)+1);
/* the use of UNISTR2 here is non-standard. */
r_t->uni_trust_dom_name[i].undoc = 0x1;
}
@@ -354,8 +354,8 @@ void make_q_req_chal(NET_Q_REQ_CHAL *q_c,
q_c->undoc_buffer = 1; /* don't know what this buffer is */
- make_unistr2(&(q_c->uni_logon_srv ), logon_srv , strlen(logon_srv ));
- make_unistr2(&(q_c->uni_logon_clnt), logon_clnt, strlen(logon_clnt));
+ make_unistr2(&(q_c->uni_logon_srv ), logon_srv , strlen(logon_srv )+1);
+ make_unistr2(&(q_c->uni_logon_clnt), logon_clnt, strlen(logon_clnt)+1);
memcpy(q_c->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
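Review bot: `strlen(logon_srv)` and `strlen(logon_clnt)` are evaluated with no NULL check visible in this hunk, whereas make_netinfo_2 guards its string with `if (trusted_dc_name != NULL)` before calling make_unistr2. make_q_req_chal starts above the hunk, so a check may already exist there. If it does not, a guard such as `if (logon_srv == NULL || logon_clnt == NULL) return;` ahead of these calls would keep a missing name from being dereferenced.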
@@ -377,7 +377,7 @@ void net_io_q_req_chal(char *desc, NET_Q_REQ_CHAL *q_c, prs_struct *ps, int dep
prs_uint32("undoc_buffer", ps, depth, &(q_c->undoc_buffer));
- smb_io_unistr2("", &(q_c->uni_logon_srv), True, ps, depth); /* logon server unicode string */
+ smb_io_unistr2("", &(q_c->uni_logon_srv ), True, ps, depth); /* logon server unicode string */
smb_io_unistr2("", &(q_c->uni_logon_clnt), True, ps, depth); /* logon client unicode string */
old_align = ps->align;