diff options
author | Jeremy Allison <jra@samba.org> | 2010-01-29 16:41:53 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2010-01-29 16:41:53 -0800 |
commit | 1876b5a7e33a1376a5e275a52f8fbab69fa82ab6 (patch) | |
tree | db4e500eb366fefacdd7452c1446b9d5db963a9d /source4/rpc_server/spoolss | |
parent | ce73f91ee2681862e26e84e5572336d84cf341c4 (diff) | |
download | samba-1876b5a7e33a1376a5e275a52f8fbab69fa82ab6.tar.gz samba-1876b5a7e33a1376a5e275a52f8fbab69fa82ab6.tar.bz2 samba-1876b5a7e33a1376a5e275a52f8fbab69fa82ab6.zip |
Fix a really interesting problem found by Volker's conversion of sessionsetup SPNEGO to asynchronous code.
Normally clistr_push_fn() can depend upon cli->outbuf being
initialized by negprot and sessionsetup packets, and cli->outbuf[smb_flgs2] being
correctly set with FLAGS2_UNICODE_STRINGS when cli_setup_packet() is called. When
all the sessionsetups are async, then cli_setup_packet() is never called, the async
code uses cli_setup_packet_buf() - which initializes the allocated async buffer,
not the cli->outbuf one. So the first time clistr_push_fn() is called is from
libsmb/clidfs.c:cli_dfs_get_referral(), just after the connection and tconX.
In this case cli->outbuf has never been initialized, and cli->outbuf[smb_flgs2] = 0
so the DFS query pushes ASCII on the wire, which is not what we want :-).
Remove the dependency on cli->outbuf[smb_flgs2] in clistr_push_fn(), and
fake up a SVAL(cli->outbuf, smb_flg2) value using cli_ucs2(cli) function
instead, which has been initialized. We only care about the FLAGS2_UNICODE_STRINGS
bit anyway.
I don't think this is an issue for 3.5.0 as the sessionsetup is still
synchronous there, but Volker PLEASE CHECK !
Jeremy.
Diffstat (limited to 'source4/rpc_server/spoolss')
0 files changed, 0 insertions, 0 deletions