summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1998-10-27 15:03:47 +0000
committerLuke Leighton <lkcl@samba.org>1998-10-27 15:03:47 +0000
commit528c3d3e682ce85d8b041a1396e59f5229716e71 (patch)
tree6cf77109368d04a74e1bc381a0b4edfbf86da8dd /source3/rpc_server
parent03893a1ab9f87965746fa3255c35337e0dabd8ae (diff)
downloadsamba-528c3d3e682ce85d8b041a1396e59f5229716e71.tar.gz
samba-528c3d3e682ce85d8b041a1396e59f5229716e71.tar.bz2
samba-528c3d3e682ce85d8b041a1396e59f5229716e71.zip
amazing. the improvements to NT continue, evidence for which shows up
now as "RPC fault" if the UNIHDR structure lengths do not exactly match up to the length of the data stream. so, all versions of samba prior to this one have an off-by-one bug in unicode string lengths. all versions of NT prior to NT 5 beta 2 could possibly have buffer problems when receiving badly formatted UNICODE strings. (This used to be commit 161eb6f511e161b63c1fa90a08c562fcf208344a)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_samr.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 74d06d1bca..034e4dd336 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -418,7 +418,7 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
got_grps = True;
num_entries = 1;
- make_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group));
+ make_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group)-1);
pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS;
if (r_e.status == 0 && got_grps)
@@ -481,7 +481,7 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
char *name;
while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL))
{
- make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name));
+ make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)-1);
pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid;
num_entries++;
}