diff options
-rw-r--r-- | source3/lib/charcnv.c | 40 | ||||
-rw-r--r-- | source3/nmbd/nmbd_processlogon.c | 30 |
2 files changed, 47 insertions, 23 deletions
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c index 3f9beb0254..c3493dc9dc 100644 --- a/source3/lib/charcnv.c +++ b/source3/lib/charcnv.c @@ -745,7 +745,7 @@ size_t unix_strupper(const char *src, size_t srclen, char *dest, size_t destlen) size = push_ucs2_allocate(&buffer, src); if (size == (size_t)-1) { - return 0; + return (size_t)-1; } if (!strupper_w(buffer) && (dest == src)) { free(buffer); @@ -963,14 +963,12 @@ size_t push_ascii(void *dest, const char *src, size_t dest_len, int flags) /* No longer allow a length of -1. */ if (dest_len == (size_t)-1) { smb_panic("push_ascii - dest_len == -1"); - return (size_t)0; } if (flags & STR_UPPER) { tmpbuf = SMB_STRDUP(src); if (!tmpbuf) { smb_panic("malloc fail"); - return (size_t)0; } strupper_m(tmpbuf); src = tmpbuf; @@ -981,10 +979,12 @@ size_t push_ascii(void *dest, const char *src, size_t dest_len, int flags) } ret = convert_string(CH_UNIX, CH_DOS, src, src_len, dest, dest_len, True); - SAFE_FREE(tmpbuf); - if (ret == (size_t)-1) { - return 0; + if (ret == (size_t)-1 && + (flags & (STR_TERMINATE | STR_TERMINATE_ASCII)) + && dest_len > 0) { + ((char *)dest)[0] = '\0'; } + SAFE_FREE(tmpbuf); return ret; } @@ -1071,7 +1071,6 @@ size_t pull_ascii(char *dest, const void *src, size_t dest_len, size_t src_len, if (dest_len == (size_t)-1) { /* No longer allow dest_len of -1. */ smb_panic("pull_ascii - invalid dest_len of -1"); - return 0; } if (flags & STR_TERMINATE) { @@ -1168,7 +1167,7 @@ static size_t pull_ascii_base_talloc(TALLOC_CTX *ctx, True); if (dest_len == (size_t)-1) { - return 0; + dest_len = 0; } if (dest_len && dest) { @@ -1228,7 +1227,6 @@ size_t push_ucs2(const void *base_ptr, void *dest, const char *src, size_t dest_ if (dest_len == (size_t)-1) { /* No longer allow dest_len of -1. */ smb_panic("push_ucs2 - invalid dest_len of -1"); - return 0; } if (flags & STR_TERMINATE) @@ -1249,7 +1247,12 @@ size_t push_ucs2(const void *base_ptr, void *dest, const char *src, size_t dest_ ret = convert_string(CH_UNIX, CH_UTF16LE, src, src_len, dest, dest_len, True); if (ret == (size_t)-1) { - return 0; + if ((flags & STR_TERMINATE) && + dest && + dest_len) { + *(char *)dest = 0; + } + return len; } len += ret; @@ -1327,13 +1330,12 @@ static size_t push_utf8(void *dest, const char *src, size_t dest_len, int flags) if (dest_len == (size_t)-1) { /* No longer allow dest_len of -1. */ smb_panic("push_utf8 - invalid dest_len of -1"); - return 0; } if (flags & STR_UPPER) { tmpbuf = strdup_upper(src); if (!tmpbuf) { - return 0; + return (size_t)-1; } src = tmpbuf; src_len = strlen(src); @@ -1434,7 +1436,8 @@ size_t pull_ucs2(const void *base_ptr, char *dest, const void *src, size_t dest_ ret = convert_string(CH_UTF16LE, CH_UNIX, src, src_len, dest, dest_len, True); if (ret == (size_t)-1) { - return 0; + ret = 0; + dest_len = 0; } if (src_len == (size_t)-1) @@ -1523,7 +1526,7 @@ static size_t pull_ucs2_base_talloc(TALLOC_CTX *ctx, (void *)&dest, True); if (dest_len == (size_t)-1) { - return 0; + dest_len = 0; } if (src_len == (size_t)-1) @@ -1668,11 +1671,9 @@ size_t push_string_fn(const char *function, unsigned int line, * JRA. */ #if 0 - if (dest_len != (size_t)-1) - clobber_region(function, line, dest, dest_len); + clobber_region(function, line, dest, dest_len); #else - if (dest_len != (size_t)-1) - memset(dest, '\0', dest_len); + memset(dest, '\0', dest_len); #endif #endif @@ -1705,8 +1706,7 @@ size_t pull_string_fn(const char *function, unsigned int line, int flags) { #ifdef DEVELOPER - if (dest_len != (size_t)-1) - clobber_region(function, line, dest, dest_len); + clobber_region(function, line, dest, dest_len); #endif if ((base_ptr == NULL) && ((flags & (STR_ASCII|STR_UNICODE)) == 0)) { diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c index 8a183c4d24..abac2ac776 100644 --- a/source3/nmbd/nmbd_processlogon.c +++ b/source3/nmbd/nmbd_processlogon.c @@ -53,6 +53,7 @@ void process_logon_packet(struct packet_struct *p, char *buf,int len, char *uniuser; /* Unicode user name. */ pstring ascuser; char *unicomp; /* Unicode computer name. */ + size_t size; memset(outbuf, 0, sizeof(outbuf)); @@ -108,9 +109,12 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); fstrcpy(reply_name, "\\\\"); fstrcat(reply_name, my_name); - push_ascii(q,reply_name, + size = push_ascii(q,reply_name, sizeof(outbuf)-PTR_DIFF(q, outbuf), STR_TERMINATE); + if (size == (size_t)-1) { + return; + } q = skip_string(outbuf,sizeof(outbuf),q); /* PDC name */ SSVAL(q, 0, token); @@ -206,9 +210,12 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); q += 2; fstrcpy(reply_name,my_name); - push_ascii(q, reply_name, + size = push_ascii(q, reply_name, sizeof(outbuf)-PTR_DIFF(q, outbuf), STR_TERMINATE); + if (size == (size_t)-1) { + return; + } q = skip_string(outbuf,sizeof(outbuf),q); /* PDC name */ /* PDC and domain name */ @@ -377,7 +384,6 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", pstring domain; pstring hostname; char *component, *dc, *q1; - uint8 size; char *q_orig = q; int str_offset; @@ -423,6 +429,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", size = push_ascii(&q[1], component, sizeof(outbuf) - PTR_DIFF(q+1, outbuf), 0); + if (size == (size_t)-1 || size > 0xff) { + return; + } SCVAL(q, 0, size); q += (size + 1); } @@ -443,6 +452,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", size = push_ascii(&q[1], hostname, sizeof(outbuf) - PTR_DIFF(q+1, outbuf), 0); + if (size == (size_t)-1 || size > 0xff) { + return; + } SCVAL(q, 0, size); q += (size + 1); @@ -458,6 +470,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", size = push_ascii(&q[1], lp_workgroup(), sizeof(outbuf) - PTR_DIFF(q+1, outbuf), STR_UPPER); + if (size == (size_t)-1 || size > 0xff) { + return; + } SCVAL(q, 0, size); q += (size + 1); @@ -473,6 +488,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", size = push_ascii(&q[1], my_name, sizeof(outbuf) - PTR_DIFF(q+1, outbuf), 0); + if (size == (size_t)-1 || size > 0xff) { + return; + } SCVAL(q, 0, size); q += (size + 1); @@ -489,6 +507,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", size = push_ascii(&q[1], ascuser, sizeof(outbuf) - PTR_DIFF(q+1, outbuf), 0); + if (size == (size_t)-1 || size > 0xff) { + return; + } SCVAL(q, 0, size); q += (size + 1); } @@ -501,6 +522,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", size = push_ascii(&q[1], "Default-First-Site-Name", sizeof(outbuf) - PTR_DIFF(q+1, outbuf), 0); + if (size == (size_t)-1 || size > 0xff) { + return; + } SCVAL(q, 0, size); q += (size + 1); |