From e15dfd44c912bf9a567a13cbbec63c4ecbabaed4 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Tue, 22 Apr 2003 15:54:36 +0000
Subject: parse_string is only used for the authentication negotiators. It can itself determine the length of the string it has to transfer. Andrew B., could you take a look at the length calculation? Is that safe? Thanks, Volker (This used to be commit 0ef69b586a8f1fa11a41a3900180ea2090b60bfd)
---
 source3/rpc_parse/parse_prs.c | 8 +++++++-
 source3/rpc_parse/parse_rpc.c | 16 ++++++----------
 2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 696142905b..e0a75d7382 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -1159,10 +1159,16 @@ BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
 not include the null-termination character.
 ********************************************************************/
-BOOL prs_string(const char *name, prs_struct *ps, int depth, char *str, int len, int max_buf_size)
+BOOL prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size)
 {
 char *q;
 int i;
+ int len;
+
+ if (UNMARSHALLING(ps))
+ len = strlen(&ps->data_p[ps->data_offset]);
+ else
+ len = strlen(str);
 len = MIN(len, (max_buf_size-1));
diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c
index dd75ea1f55..be3a04e31c 100644
--- a/source3/rpc_parse/parse_rpc.c
+++ b/source3/rpc_parse/parse_rpc.c
@@ -691,7 +691,7 @@ BOOL smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_stru
 depth++;
 /* "NTLMSSP" */
- if(!prs_string("signature", ps, depth, rav->signature, strlen("NTLMSSP"),
+ if(!prs_string("signature", ps, depth, rav->signature,
 sizeof(rav->signature)))
 return False;
 if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */
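Review bot: On the unmarshalling path the new `strlen(&ps->data_p[ps->data_offset])` scans peer-supplied wire data with no upper bound, so a message that omits the NUL terminator makes it read past the end of the parse buffer before the `MIN` clamp is applied; this is the safety question the commit message asks. The scan should be limited to the bytes left in the buffer, for example `len = strnlen(&ps->data_p[ps->data_offset], ps->buffer_size - ps->data_offset);` after first rejecting a `data_offset` beyond `buffer_size` (the field name is recalled from prs_struct and is not visible in this hunk, and strnlen may need a local replacement on older platforms). The strlen result is also narrowed from size_t to int without a range check. The rest of prs_string lies outside the hunk, so any later bounds check cannot be seen here, but it would run only after the over-read.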
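Review bot: With the explicit length argument removed, the number of bytes consumed for `signature` when unmarshalling is now chosen by the peer instead of being fixed at `strlen("NTLMSSP")`, and nothing visible in this hunk validates the result. If prs_string truncates an over-long wire string to `sizeof(rav->signature)-1`, as the `MIN` in parse_prs.c suggests, the unread tail would presumably be parsed as `msg_type`, so an over-long or unexpected value should fail the parse rather than be silently clamped. Unless the callers already compare the signature, a check after the call such as `if (UNMARSHALLING(ps) && strcmp(rav->signature, "NTLMSSP") != 0) return False;` would restore the old guarantee, assuming prs_string leaves the buffer NUL-terminated. The same peer-controlled length now applies to `signature` in smb_io_rpc_netsec_verifier and to the back-to-back `domain` and `myname` fields in smb_io_rpc_auth_netsec_neg in the later hunks, where the expected value differs. All three function bodies start and end outside their hunks.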
@@ -701,7 +701,7 @@ BOOL smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_stru
 }
 /*******************************************************************
- This parses an RPC_AUTH_VERIFIER for NETLOGON schannel. I thing
+ This parses an RPC_AUTH_VERIFIER for NETLOGON schannel. I think
 assuming "NTLMSSP" in sm_io_rpc_auth_verifier is somewhat wrong. I have to look at that later...
 ********************************************************************/
@@ -714,11 +714,9 @@ BOOL smb_io_rpc_netsec_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_st
 prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
 depth++;
- /* "NTLMSSP" */
- if(!prs_string("signature", ps, depth, rav->signature, strlen(rav->signature),
- sizeof(rav->signature)))
+ if(!prs_string("signature", ps, depth, rav->signature, sizeof(rav->signature)))
 return False;
- if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */
+ if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type))
 return False;
 return True;
@@ -1170,11 +1168,9 @@ BOOL smb_io_rpc_auth_netsec_neg(const char *desc, RPC_AUTH_NETSEC_NEG *neg,
 return False;
 if(!prs_uint32("type2", ps, depth, &neg->type2))
 return False;
- if(!prs_string("domain ", ps, depth, neg->domain,
- strlen(neg->domain), sizeof(neg->domain)))
+ if(!prs_string("domain ", ps, depth, neg->domain, sizeof(neg->domain)))
 return False;
- if(!prs_string("myname ", ps, depth, neg->myname,
- strlen(neg->myname), sizeof(neg->myname)))
+ if(!prs_string("myname ", ps, depth, neg->myname, sizeof(neg->myname)))
 return False;
 return True;
-- cgit