Fix for #480. Change the interface for init_unistr2 to not take a length

but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string.
This is not the case. Count it after conversion.
Jeremy.
(This used to be commit f82c273a42f930c7152cfab84394781744815e0e)

5 files changed, 58 insertions, 68 deletions

diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c
index 3470ad99b4..751cb6e642 100644
--- a/source3/rpc_server/srv_dfs_nt.c
+++ b/source3/rpc_server/srv_dfs_nt.c
@@ -198,7 +198,7 @@ static BOOL init_reply_dfs_info_1(struct junction_map* j, DFS_INFO_1* dfs1, int
       slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname(), 
 	       j[i].service_name, j[i].volume_name);
       DEBUG(5,("init_reply_dfs_info_1: %d) initing entrypath: %s\n",i,str));
-      init_unistr2(&dfs1[i].entrypath,str,strlen(str)+1);
+      init_unistr2(&dfs1[i].entrypath,str,UNI_STR_TERMINATE);
     }
   return True;
 }
@@ -212,7 +212,7 @@ static BOOL init_reply_dfs_info_2(struct junction_map* j, DFS_INFO_2* dfs2, int
       dfs2[i].ptr_entrypath = 1;
       slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname(),
 	       j[i].service_name, j[i].volume_name);
-      init_unistr2(&dfs2[i].entrypath, str, strlen(str)+1);
+      init_unistr2(&dfs2[i].entrypath, str, UNI_STR_TERMINATE);
       dfs2[i].ptr_comment = 0;
       dfs2[i].state = 1; /* set up state of dfs junction as OK */
       dfs2[i].num_storages = j[i].referral_count;
@@ -234,9 +234,9 @@ static BOOL init_reply_dfs_info_3(TALLOC_CTX *ctx, struct junction_map* j, DFS_I
 	      slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname(),
 		       j[i].service_name, j[i].volume_name);
 
-      init_unistr2(&dfs3[i].entrypath, str, strlen(str)+1);
+      init_unistr2(&dfs3[i].entrypath, str, UNI_STR_TERMINATE);
       dfs3[i].ptr_comment = 1;
-      init_unistr2(&dfs3[i].comment, "", 1); 
+      init_unistr2(&dfs3[i].comment, "", UNI_STR_TERMINATE);
       dfs3[i].state = 1;
       dfs3[i].num_storages = dfs3[i].num_storage_infos = j[i].referral_count;
       dfs3[i].ptr_storages = 1;
@@ -267,8 +267,8 @@ static BOOL init_reply_dfs_info_3(TALLOC_CTX *ctx, struct junction_map* j, DFS_I
 	  *p = '\0';
 	  DEBUG(5,("storage %d: %s.%s\n",ii,path,p+1));
 	  stor->state = 2; /* set all storages as ONLINE */
-	  init_unistr2(&stor->servername, path, strlen(path)+1);
-	  init_unistr2(&stor->sharename,  p+1, strlen(p+1)+1);
+	  init_unistr2(&stor->servername, path, UNI_STR_TERMINATE);
+	  init_unistr2(&stor->sharename,  p+1, UNI_STR_TERMINATE);
 	  stor->ptr_servername = stor->ptr_sharename = 1;
 	}
     }
diff --git a/source3/rpc_server/srv_lsa_ds_nt.c b/source3/rpc_server/srv_lsa_ds_nt.c
index 37540a9668..97e9dc361d 100644
--- a/source3/rpc_server/srv_lsa_ds_nt.c
+++ b/source3/rpc_server/srv_lsa_ds_nt.c
@@ -77,12 +77,12 @@ static NTSTATUS fill_dsrole_dominfo_basic(TALLOC_CTX *ctx, DSROLE_PRIMARY_DOMAIN
 
 	basic->netbios_ptr = 1;
 	netbios_domain = get_global_sam_name();
-	init_unistr2( &basic->netbios_domain, netbios_domain, strlen(netbios_domain) );
+	init_unistr2( &basic->netbios_domain, netbios_domain, UNI_FLAGS_NONE);
 
 	basic->dnsname_ptr = 1;
-	init_unistr2( &basic->dns_domain, dnsdomain, strlen(dnsdomain) );
+	init_unistr2( &basic->dns_domain, dnsdomain, UNI_FLAGS_NONE);
 	basic->forestname_ptr = 1;
-	init_unistr2( &basic->forest_domain, dnsdomain, strlen(dnsdomain) );
+	init_unistr2( &basic->forest_domain, dnsdomain, UNI_FLAGS_NONE);
 	
 
 	/* fill in some additional fields if we are a member of an AD domain */
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 686a3069bb..0921824cad 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -61,7 +61,12 @@ Init dom_query
 
 static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_sid)
 {
-	int domlen = (dom_name != NULL) ? strlen(dom_name) : 0;
+	d_q->buffer_dom_name = (dom_name != NULL) ? 1 : 0; /* domain buffer pointer */
+	d_q->buffer_dom_sid = (dom_sid != NULL) ? 1 : 0;  /* domain sid pointer */
+
+	/* this string is supposed to be non-null terminated. */
+	/* But the maxlen in this UNISTR2 must include the terminating null. */
+	init_unistr2(&d_q->uni_domain_name, dom_name, UNI_MAXLEN_TERMINATE);
 
 	/*
 	 * I'm not sure why this really odd combination of length
@@ -71,14 +76,15 @@ static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_si
 	 * a domain with both odd and even length names... JRA.
 	 */
 
-	d_q->uni_dom_str_len = domlen ? ((domlen + 1) * 2) : 0;
-	d_q->uni_dom_max_len = domlen * 2;
-	d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */
-	d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0;  /* domain sid pointer */
+	/*
+	 * IMPORTANT NOTE !!!!
+	 * The two fields below probably are reversed in meaning, ie.
+	 * the first field is probably the str_len, the second the max
+	 * len. Both are measured in bytes anyway.
+	 */
 
-	/* this string is supposed to be character short */
-	init_unistr2(&d_q->uni_domain_name, dom_name, domlen);
-	d_q->uni_domain_name.uni_max_len++;
+	d_q->uni_dom_str_len = d_q->uni_domain_name.uni_max_len * 2;
+	d_q->uni_dom_max_len = d_q->uni_domain_name.uni_str_len * 2;
 
 	if (dom_sid != NULL)
 		init_dom_sid2(&d_q->dom_sid, dom_sid);
@@ -91,7 +97,6 @@ static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_si
 static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
 {
 	int num = 0;
-	int len;
 
 	if (dom_name != NULL) {
 		for (num = 0; num < ref->num_ref_doms_1; num++) {
@@ -114,14 +119,11 @@ static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
 	ref->max_entries = MAX_REF_DOMAINS;
 	ref->num_ref_doms_2 = num+1;
 
-	len = (dom_name != NULL) ? strlen(dom_name) : 0;
-	if(dom_name != NULL && len == 0)
-		len = 1;
-
-	init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, len);
 	ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0;
 
-	init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, len);
+	init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, UNI_FLAGS_NONE);
+	init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, &ref->ref_dom[num].uni_dom_name);
+
 	init_dom_sid2(&ref->ref_dom[num].ref_dom, dom_sid );
 
 	return num;
@@ -349,25 +351,22 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name,
 			      GUID *dom_guid, DOM_SID *dom_sid)
 {
 	if (nb_name && *nb_name) {
-		init_uni_hdr(&r_l->hdr_nb_dom_name, strlen(nb_name));
-		init_unistr2(&r_l->uni_nb_dom_name, nb_name, 
-			     strlen(nb_name));
+		init_unistr2(&r_l->uni_nb_dom_name, nb_name, UNI_FLAGS_NONE);
+		init_uni_hdr(&r_l->hdr_nb_dom_name, &r_l->uni_nb_dom_name);
 		r_l->hdr_nb_dom_name.uni_max_len += 2;
 		r_l->uni_nb_dom_name.uni_max_len += 1;
 	}
 	
 	if (dns_name && *dns_name) {
-		init_uni_hdr(&r_l->hdr_dns_dom_name, strlen(dns_name));
-		init_unistr2(&r_l->uni_dns_dom_name, dns_name,
-			     strlen(dns_name));
+		init_unistr2(&r_l->uni_dns_dom_name, dns_name, UNI_FLAGS_NONE);
+		init_uni_hdr(&r_l->hdr_dns_dom_name, &r_l->uni_dns_dom_name);
 		r_l->hdr_dns_dom_name.uni_max_len += 2;
 		r_l->uni_dns_dom_name.uni_max_len += 1;
 	}
 
 	if (forest_name && *forest_name) {
-		init_uni_hdr(&r_l->hdr_forest_name, strlen(forest_name));
-		init_unistr2(&r_l->uni_forest_name, forest_name,
-			     strlen(forest_name));
+		init_unistr2(&r_l->uni_forest_name, forest_name, UNI_FLAGS_NONE);
+		init_uni_hdr(&r_l->hdr_forest_name, &r_l->uni_forest_name);
 		r_l->hdr_forest_name.uni_max_len += 2;
 		r_l->uni_forest_name.uni_max_len += 1;
 	}
@@ -774,13 +773,13 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV
 
 	for (i = 0; i < PRIV_ALL_INDEX; i++, entry++) {
 		if( i<enum_context) {
-			init_uni_hdr(&entry->hdr_name, 0);
-			init_unistr2(&entry->name, NULL, 0 );
+			init_unistr2(&entry->name, NULL, UNI_FLAGS_NONE);
+			init_uni_hdr(&entry->hdr_name, &entry->name);
 			entry->luid_low = 0;
 			entry->luid_high = 0;
 		} else {
-			init_uni_hdr(&entry->hdr_name, strlen(privs[i+1].priv));
-			init_unistr2(&entry->name, privs[i+1].priv, strlen(privs[i+1].priv) );
+			init_unistr2(&entry->name, privs[i+1].priv, UNI_FLAGS_NONE);
+			init_uni_hdr(&entry->hdr_name, &entry->name);
 			entry->luid_low = privs[i+1].se_priv;
 			entry->luid_high = 0;
 		}
@@ -822,8 +821,8 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L
 	
 	if (privs[i].se_priv!=SE_PRIV_ALL) {
 		DEBUG(10,(": %s\n", privs[i].description));
-		init_uni_hdr(&r_u->hdr_desc, strlen(privs[i].description));
-		init_unistr2(&r_u->desc, privs[i].description, strlen(privs[i].description) );
+		init_unistr2(&r_u->desc, privs[i].description, UNI_FLAGS_NONE);
+		init_uni_hdr(&r_u->hdr_desc, &r_u->desc);
 
 		r_u->ptr_info=0xdeadbeef;
 		r_u->lang_id=q_u->lang_id;
@@ -890,7 +889,6 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU
 NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA_R_UNK_GET_CONNUSER *r_u)
 {
 	fstring username, domname;
-	int ulen, dlen;
 	user_struct *vuser = get_valid_user_struct(p->vuid);
   
 	if (vuser == NULL)
@@ -899,18 +897,15 @@ NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA
 	fstrcpy(username, vuser->user.smb_name);
 	fstrcpy(domname, vuser->user.domain);
   
-	ulen = strlen(username) + 1;
-	dlen = strlen(domname) + 1;
-  
-	init_uni_hdr(&r_u->hdr_user_name, ulen);
 	r_u->ptr_user_name = 1;
-	init_unistr2(&r_u->uni2_user_name, username, ulen);
+	init_unistr2(&r_u->uni2_user_name, username, UNI_STR_TERMINATE);
+	init_uni_hdr(&r_u->hdr_user_name, &r_u->uni2_user_name);
 
 	r_u->unk1 = 1;
   
-	init_uni_hdr(&r_u->hdr_dom_name, dlen);
 	r_u->ptr_dom_name = 1;
-	init_unistr2(&r_u->uni2_dom_name, domname, dlen);
+	init_unistr2(&r_u->uni2_dom_name, domname,  UNI_STR_TERMINATE);
+	init_uni_hdr(&r_u->hdr_dom_name, &r_u->uni2_dom_name);
 
 	r_u->status = NT_STATUS_OK;
   
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 828e07c1ad..71e5bc7d70 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -719,7 +719,7 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UN
 	for (i = 0; i < num_entries; i++) {
 		pwd = &disp_user_info[i+start_idx];
 		temp_name = pdb_get_username(pwd);
-		init_unistr2(&uni_temp_name, temp_name, strlen(temp_name)+1);
+		init_unistr2(&uni_temp_name, temp_name, UNI_STR_TERMINATE);
 		user_sid = pdb_get_user_sid(pwd);
 
 		if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
@@ -731,7 +731,7 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UN
 			return NT_STATUS_UNSUCCESSFUL;
 		}
 
-		init_sam_entry(&sam[i], uni_temp_name.uni_str_len, user_rid);
+		init_sam_entry(&sam[i], &uni_temp_name, user_rid);
 		copy_unistr2(&uni_name[i], &uni_temp_name);
 	}
 
@@ -865,10 +865,8 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNIST
 		/*
 		 * JRA. I think this should include the null. TNG does not.
 		 */
-		int len = strlen(grp[i].name)+1;
-
-		init_sam_entry(&sam[i], len, grp[i].rid);
-		init_unistr2(&uni_name[i], grp[i].name, len);
+		init_unistr2(&uni_name[i], grp[i].name, UNI_STR_TERMINATE);
+		init_sam_entry(&sam[i], &uni_name[i], grp[i].rid);
 	}
 
 	*sam_pp = sam;
@@ -1580,10 +1578,9 @@ static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names, fstring nam
 	}
 
 	for (i = 0; i < num_names; i++) {
-		int len = names[i] != NULL ? strlen(names[i]) : 0;
-		DEBUG(10, ("names[%d]:%s\n", i, names[i]));
-		init_uni_hdr(&hdr_name[i], len);
-		init_unistr2(&uni_name[i], names[i], len);
+		DEBUG(10, ("names[%d]:%s\n", i, names[i] ? names[i] : ""));
+		init_unistr2(&uni_name[i], names[i], UNI_FLAGS_NONE);
+		init_uni_hdr(&hdr_name[i], &uni_name[i]);
 	}
 
 	*pp_uni_name = uni_name;
@@ -2570,10 +2567,8 @@ static BOOL make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam,
 		return False;
 
 	for (i = 0; i < num_sam_entries; i++) {
-		int len = doms[i] != NULL ? strlen(doms[i]) : 0;
-
-		init_sam_entry(&sam[i], len, 0);
-		init_unistr2(&uni_name[i], doms[i], len);
+		init_unistr2(&uni_name[i], doms[i], UNI_FLAGS_NONE);
+		init_sam_entry(&sam[i], &uni_name[i], 0);
 	}
 
 	*pp_sam = sam;
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 7159527a7d..493f58f8a8 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -690,7 +690,7 @@ static void notify_string(struct spoolss_notify_msg *msg,
 	
 	/* The length of the message includes the trailing \0 */
 
-	init_unistr2(&unistr, msg->notify.data, msg->len);
+	init_unistr2(&unistr, msg->notify.data, UNI_STR_TERMINATE);
 
 	data->notify_data.data.length = msg->len * 2;
 	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, msg->len * 2);
@@ -6121,7 +6121,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 	 */
 
 	if (!strequal(printer->info_2->comment, old_printer->info_2->comment)) {
-		init_unistr2( &buffer, printer->info_2->comment, strlen(printer->info_2->comment)+1 );
+		init_unistr2( &buffer, printer->info_2->comment, UNI_STR_TERMINATE);
 		set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "description",
 			REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );
 
@@ -6129,7 +6129,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 	}
 
 	if (!strequal(printer->info_2->sharename, old_printer->info_2->sharename)) {
-		init_unistr2( &buffer, printer->info_2->sharename, strlen(printer->info_2->sharename)+1 );
+		init_unistr2( &buffer, printer->info_2->sharename, UNI_STR_TERMINATE);
 		set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "printerName",
 			REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );
 		set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "shareName",
@@ -6139,7 +6139,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 	}
 
 	if (!strequal(printer->info_2->portname, old_printer->info_2->portname)) {
-		init_unistr2( &buffer, printer->info_2->portname, strlen(printer->info_2->portname)+1 );
+		init_unistr2( &buffer, printer->info_2->portname, UNI_STR_TERMINATE);
 		set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "portName",
 			REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );
 
@@ -6147,7 +6147,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 	}
 
 	if (!strequal(printer->info_2->location, old_printer->info_2->location)) {
-		init_unistr2( &buffer, printer->info_2->location, strlen(printer->info_2->location)+1 );
+		init_unistr2( &buffer, printer->info_2->location, UNI_STR_TERMINATE);
 		set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "location",
 			REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );
 
@@ -6157,7 +6157,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 	/* here we need to update some more DsSpooler keys */
 	/* uNCName, serverName, shortServerName */
 	
-	init_unistr2( &buffer, global_myname(), strlen(global_myname())+1 );
+	init_unistr2( &buffer, global_myname(), UNI_STR_TERMINATE);
 	set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "serverName",
 		REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );
 	set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "shortServerName",
@@ -6165,7 +6165,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
 
 	slprintf( asc_buffer, sizeof(asc_buffer)-1, "\\\\%s\\%s",
                  global_myname(), printer->info_2->sharename );
-	init_unistr2( &buffer, asc_buffer, strlen(asc_buffer)+1 );
+	init_unistr2( &buffer, asc_buffer, UNI_STR_TERMINATE);
 	set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "uNCName",
 		REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 );