From c50a17cc8d6bc23f03c3d44ceccebce06417ba21 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 28 Jan 2010 18:52:46 +0100 Subject: libcli/nbt: fix ndr_pull/push_wrepl_nbt_name() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [MS-WINSRA] — v20091104 was wrong regarding section "2.2.10.1 Name Record" If the name buffer is already 4 byte aligned Windows (at least 2003 SP1 and 2008) add 4 extra bytes. This can happen when the name has a scope. metze --- libcli/nbt/nbtname.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'libcli/nbt/nbtname.c') diff --git a/libcli/nbt/nbtname.c b/libcli/nbt/nbtname.c index 338cb21089..1650ff96ae 100644 --- a/libcli/nbt/nbtname.c +++ b/libcli/nbt/nbtname.c @@ -517,6 +517,19 @@ _PUBLIC_ enum ndr_err_code ndr_pull_wrepl_nbt_name(struct ndr_pull *ndr, int ndr NDR_PULL_ALLOC_N(ndr, namebuf, namebuf_len); NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len)); + if ((namebuf_len % 4) == 0) { + /* + * [MS-WINSRA] — v20091104 was wrong + * regarding section "2.2.10.1 Name Record" + * + * If the name buffer is already 4 byte aligned + * Windows (at least 2003 SP1 and 2008) add 4 extra + * bytes. This can happen when the name has a scope. + */ + uint32_t pad; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &pad)); + } + NDR_PULL_ALLOC(ndr, r); /* oh wow, what a nasty bug in windows ... */ 
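Review bot: The `pad` value pulled in the new `if ((namebuf_len % 4) == 0)` branch is discarded without any check, and the comment does not say this is intentional. If only the presence of the four bytes is known and their content is unspecified, record that next to the read, e.g. `/* content is not validated; the 4 bytes are only consumed */`, so a later reader does not assume they are guaranteed to be zero. The condition is also true for `namebuf_len == 0`; whether a lower bound on the wire-supplied length is enforced earlier in ndr_pull_wrepl_nbt_name is outside this hunk and worth confirming, since this parses data from a replication peer. The same eight-line comment is repeated in the push hunk, so one shared explanation would keep the two copies from drifting apart.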
@@ -615,6 +628,18 @@ _PUBLIC_ enum ndr_err_code ndr_push_wrepl_nbt_name(struct ndr_push *ndr, int ndr NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, namebuf_len)); NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len)); + if ((namebuf_len % 4) == 0) { + /* + * [MS-WINSRA] — v20091104 was wrong + * regarding section "2.2.10.1 Name Record" + * + * If the name buffer is already 4 byte aligned + * Windows (at least 2003 SP1 and 2008) add 4 extra + * bytes. This can happen when the name has a scope. + */ + NDR_CHECK(ndr_push_zero(ndr, 4)); + } + talloc_free(namebuf); return NDR_ERR_SUCCESS; } -- cgit
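Review bot: The new `NDR_CHECK(ndr_push_zero(ndr, 4));` adds another early-return path ahead of `talloc_free(namebuf);`, so a failed push returns without reaching the free. The two existing NDR_CHECK calls above it have the same shape. The allocation of namebuf is outside this hunk; if it is not parented to a context that is released with the push, this is a leak on the error path. In that case, handle the result explicitly, e.g. `err = ndr_push_zero(ndr, 4); if (!NDR_ERR_CODE_IS_SUCCESS(err)) { talloc_free(namebuf); return err; }`. The push side writes zeros while the pull side accepts any value, which is reasonable for interoperability but should be stated in the comment.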