diff options
author | Luke Leighton <lkcl@samba.org> | 1998-10-27 15:03:47 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-10-27 15:03:47 +0000 |
commit | 528c3d3e682ce85d8b041a1396e59f5229716e71 (patch) | |
tree | 6cf77109368d04a74e1bc381a0b4edfbf86da8dd /source3/rpc_server | |
parent | 03893a1ab9f87965746fa3255c35337e0dabd8ae (diff) | |
download | samba-528c3d3e682ce85d8b041a1396e59f5229716e71.tar.gz samba-528c3d3e682ce85d8b041a1396e59f5229716e71.tar.bz2 samba-528c3d3e682ce85d8b041a1396e59f5229716e71.zip |
amazing. the improvements to NT continue, evidence for which shows up
now as "RPC fault" if the UNIHDR structure lengths do not exactly
match up to the length of the data stream.
so, all versions of samba prior to this one have an off-by-one bug
in unicode string lengths.
all versions of NT prior to NT 5 beta 2 could possibly have buffer
problems when receiving badly formatted UNICODE strings.
(This used to be commit 161eb6f511e161b63c1fa90a08c562fcf208344a)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_samr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 74d06d1bca..034e4dd336 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -418,7 +418,7 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u, got_grps = True; num_entries = 1; - make_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group)); + make_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group)-1); pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS; if (r_e.status == 0 && got_grps) @@ -481,7 +481,7 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, char *name; while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL)) { - make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)); + make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)-1); pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid; num_entries++; } |