From d3b9384308e4b5130c9455b853edc4702d7af303 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 25 Sep 2003 21:26:16 +0000 Subject: Fix for #480. Change the interface for init_unistr2 to not take a length but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e) --- source3/rpc_server/srv_dfs_nt.c | 12 +++---- source3/rpc_server/srv_lsa_ds_nt.c | 6 ++-- source3/rpc_server/srv_lsa_nt.c | 71 +++++++++++++++++-------------------- source3/rpc_server/srv_samr_nt.c | 23 +++++------- source3/rpc_server/srv_spoolss_nt.c | 14 ++++---- 5 files changed, 58 insertions(+), 68 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c index 3470ad99b4..751cb6e642 100644 --- a/source3/rpc_server/srv_dfs_nt.c +++ b/source3/rpc_server/srv_dfs_nt.c @@ -198,7 +198,7 @@ static BOOL init_reply_dfs_info_1(struct junction_map* j, DFS_INFO_1* dfs1, int slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname(), j[i].service_name, j[i].volume_name); DEBUG(5,("init_reply_dfs_info_1: %d) initing entrypath: %s\n",i,str)); - init_unistr2(&dfs1[i].entrypath,str,strlen(str)+1); + init_unistr2(&dfs1[i].entrypath,str,UNI_STR_TERMINATE); } return True; } @@ -212,7 +212,7 @@ static BOOL init_reply_dfs_info_2(struct junction_map* j, DFS_INFO_2* dfs2, int dfs2[i].ptr_entrypath = 1; slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname(), j[i].service_name, j[i].volume_name); - init_unistr2(&dfs2[i].entrypath, str, strlen(str)+1); + init_unistr2(&dfs2[i].entrypath, str, UNI_STR_TERMINATE); dfs2[i].ptr_comment = 0; dfs2[i].state = 1; /* set up state of dfs junction as OK */ dfs2[i].num_storages = j[i].referral_count; @@ -234,9 +234,9 @@ static BOOL init_reply_dfs_info_3(TALLOC_CTX *ctx, struct junction_map* j, DFS_I slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname(), j[i].service_name, j[i].volume_name); - init_unistr2(&dfs3[i].entrypath, str, strlen(str)+1); + init_unistr2(&dfs3[i].entrypath, str, UNI_STR_TERMINATE); dfs3[i].ptr_comment = 1; - init_unistr2(&dfs3[i].comment, "", 1); + init_unistr2(&dfs3[i].comment, "", UNI_STR_TERMINATE); dfs3[i].state = 1; dfs3[i].num_storages = dfs3[i].num_storage_infos = j[i].referral_count; dfs3[i].ptr_storages = 1; @@ -267,8 +267,8 @@ static BOOL init_reply_dfs_info_3(TALLOC_CTX *ctx, struct junction_map* j, DFS_I *p = '\0'; DEBUG(5,("storage %d: %s.%s\n",ii,path,p+1)); stor->state = 2; /* set all storages as ONLINE */ - init_unistr2(&stor->servername, path, strlen(path)+1); - init_unistr2(&stor->sharename, p+1, strlen(p+1)+1); + init_unistr2(&stor->servername, path, UNI_STR_TERMINATE); + init_unistr2(&stor->sharename, p+1, UNI_STR_TERMINATE); stor->ptr_servername = stor->ptr_sharename = 1; } } diff --git a/source3/rpc_server/srv_lsa_ds_nt.c b/source3/rpc_server/srv_lsa_ds_nt.c index 37540a9668..97e9dc361d 100644 --- a/source3/rpc_server/srv_lsa_ds_nt.c +++ b/source3/rpc_server/srv_lsa_ds_nt.c @@ -77,12 +77,12 @@ static NTSTATUS fill_dsrole_dominfo_basic(TALLOC_CTX *ctx, DSROLE_PRIMARY_DOMAIN basic->netbios_ptr = 1; netbios_domain = get_global_sam_name(); - init_unistr2( &basic->netbios_domain, netbios_domain, strlen(netbios_domain) ); + init_unistr2( &basic->netbios_domain, netbios_domain, UNI_FLAGS_NONE); basic->dnsname_ptr = 1; - init_unistr2( &basic->dns_domain, dnsdomain, strlen(dnsdomain) ); + init_unistr2( &basic->dns_domain, dnsdomain, UNI_FLAGS_NONE); basic->forestname_ptr = 1; - init_unistr2( &basic->forest_domain, dnsdomain, strlen(dnsdomain) ); + init_unistr2( &basic->forest_domain, dnsdomain, UNI_FLAGS_NONE); /* fill in some additional fields if we are a member of an AD domain */ diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 686a3069bb..0921824cad 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -61,7 +61,12 @@ Init dom_query static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_sid) { - int domlen = (dom_name != NULL) ? strlen(dom_name) : 0; + d_q->buffer_dom_name = (dom_name != NULL) ? 1 : 0; /* domain buffer pointer */ + d_q->buffer_dom_sid = (dom_sid != NULL) ? 1 : 0; /* domain sid pointer */ + + /* this string is supposed to be non-null terminated. */ + /* But the maxlen in this UNISTR2 must include the terminating null. */ + init_unistr2(&d_q->uni_domain_name, dom_name, UNI_MAXLEN_TERMINATE); /* * I'm not sure why this really odd combination of length @@ -71,14 +76,15 @@ static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_si * a domain with both odd and even length names... JRA. */ - d_q->uni_dom_str_len = domlen ? ((domlen + 1) * 2) : 0; - d_q->uni_dom_max_len = domlen * 2; - d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */ - d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0; /* domain sid pointer */ + /* + * IMPORTANT NOTE !!!! + * The two fields below probably are reversed in meaning, ie. + * the first field is probably the str_len, the second the max + * len. Both are measured in bytes anyway. + */ - /* this string is supposed to be character short */ - init_unistr2(&d_q->uni_domain_name, dom_name, domlen); - d_q->uni_domain_name.uni_max_len++; + d_q->uni_dom_str_len = d_q->uni_domain_name.uni_max_len * 2; + d_q->uni_dom_max_len = d_q->uni_domain_name.uni_str_len * 2; if (dom_sid != NULL) init_dom_sid2(&d_q->dom_sid, dom_sid); @@ -91,7 +97,6 @@ static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_si static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) { int num = 0; - int len; if (dom_name != NULL) { for (num = 0; num < ref->num_ref_doms_1; num++) { @@ -114,14 +119,11 @@ static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) ref->max_entries = MAX_REF_DOMAINS; ref->num_ref_doms_2 = num+1; - len = (dom_name != NULL) ? strlen(dom_name) : 0; - if(dom_name != NULL && len == 0) - len = 1; - - init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, len); ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0; - init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, len); + init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, UNI_FLAGS_NONE); + init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, &ref->ref_dom[num].uni_dom_name); + init_dom_sid2(&ref->ref_dom[num].ref_dom, dom_sid ); return num; @@ -349,25 +351,22 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name, GUID *dom_guid, DOM_SID *dom_sid) { if (nb_name && *nb_name) { - init_uni_hdr(&r_l->hdr_nb_dom_name, strlen(nb_name)); - init_unistr2(&r_l->uni_nb_dom_name, nb_name, - strlen(nb_name)); + init_unistr2(&r_l->uni_nb_dom_name, nb_name, UNI_FLAGS_NONE); + init_uni_hdr(&r_l->hdr_nb_dom_name, &r_l->uni_nb_dom_name); r_l->hdr_nb_dom_name.uni_max_len += 2; r_l->uni_nb_dom_name.uni_max_len += 1; } if (dns_name && *dns_name) { - init_uni_hdr(&r_l->hdr_dns_dom_name, strlen(dns_name)); - init_unistr2(&r_l->uni_dns_dom_name, dns_name, - strlen(dns_name)); + init_unistr2(&r_l->uni_dns_dom_name, dns_name, UNI_FLAGS_NONE); + init_uni_hdr(&r_l->hdr_dns_dom_name, &r_l->uni_dns_dom_name); r_l->hdr_dns_dom_name.uni_max_len += 2; r_l->uni_dns_dom_name.uni_max_len += 1; } if (forest_name && *forest_name) { - init_uni_hdr(&r_l->hdr_forest_name, strlen(forest_name)); - init_unistr2(&r_l->uni_forest_name, forest_name, - strlen(forest_name)); + init_unistr2(&r_l->uni_forest_name, forest_name, UNI_FLAGS_NONE); + init_uni_hdr(&r_l->hdr_forest_name, &r_l->uni_forest_name); r_l->hdr_forest_name.uni_max_len += 2; r_l->uni_forest_name.uni_max_len += 1; } @@ -774,13 +773,13 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV for (i = 0; i < PRIV_ALL_INDEX; i++, entry++) { if( ihdr_name, 0); - init_unistr2(&entry->name, NULL, 0 ); + init_unistr2(&entry->name, NULL, UNI_FLAGS_NONE); + init_uni_hdr(&entry->hdr_name, &entry->name); entry->luid_low = 0; entry->luid_high = 0; } else { - init_uni_hdr(&entry->hdr_name, strlen(privs[i+1].priv)); - init_unistr2(&entry->name, privs[i+1].priv, strlen(privs[i+1].priv) ); + init_unistr2(&entry->name, privs[i+1].priv, UNI_FLAGS_NONE); + init_uni_hdr(&entry->hdr_name, &entry->name); entry->luid_low = privs[i+1].se_priv; entry->luid_high = 0; } @@ -822,8 +821,8 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L if (privs[i].se_priv!=SE_PRIV_ALL) { DEBUG(10,(": %s\n", privs[i].description)); - init_uni_hdr(&r_u->hdr_desc, strlen(privs[i].description)); - init_unistr2(&r_u->desc, privs[i].description, strlen(privs[i].description) ); + init_unistr2(&r_u->desc, privs[i].description, UNI_FLAGS_NONE); + init_uni_hdr(&r_u->hdr_desc, &r_u->desc); r_u->ptr_info=0xdeadbeef; r_u->lang_id=q_u->lang_id; @@ -890,7 +889,6 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA_R_UNK_GET_CONNUSER *r_u) { fstring username, domname; - int ulen, dlen; user_struct *vuser = get_valid_user_struct(p->vuid); if (vuser == NULL) @@ -899,18 +897,15 @@ NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA fstrcpy(username, vuser->user.smb_name); fstrcpy(domname, vuser->user.domain); - ulen = strlen(username) + 1; - dlen = strlen(domname) + 1; - - init_uni_hdr(&r_u->hdr_user_name, ulen); r_u->ptr_user_name = 1; - init_unistr2(&r_u->uni2_user_name, username, ulen); + init_unistr2(&r_u->uni2_user_name, username, UNI_STR_TERMINATE); + init_uni_hdr(&r_u->hdr_user_name, &r_u->uni2_user_name); r_u->unk1 = 1; - init_uni_hdr(&r_u->hdr_dom_name, dlen); r_u->ptr_dom_name = 1; - init_unistr2(&r_u->uni2_dom_name, domname, dlen); + init_unistr2(&r_u->uni2_dom_name, domname, UNI_STR_TERMINATE); + init_uni_hdr(&r_u->hdr_dom_name, &r_u->uni2_dom_name); r_u->status = NT_STATUS_OK; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 828e07c1ad..71e5bc7d70 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -719,7 +719,7 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UN for (i = 0; i < num_entries; i++) { pwd = &disp_user_info[i+start_idx]; temp_name = pdb_get_username(pwd); - init_unistr2(&uni_temp_name, temp_name, strlen(temp_name)+1); + init_unistr2(&uni_temp_name, temp_name, UNI_STR_TERMINATE); user_sid = pdb_get_user_sid(pwd); if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) { @@ -731,7 +731,7 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UN return NT_STATUS_UNSUCCESSFUL; } - init_sam_entry(&sam[i], uni_temp_name.uni_str_len, user_rid); + init_sam_entry(&sam[i], &uni_temp_name, user_rid); copy_unistr2(&uni_name[i], &uni_temp_name); } @@ -865,10 +865,8 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNIST /* * JRA. I think this should include the null. TNG does not. */ - int len = strlen(grp[i].name)+1; - - init_sam_entry(&sam[i], len, grp[i].rid); - init_unistr2(&uni_name[i], grp[i].name, len); + init_unistr2(&uni_name[i], grp[i].name, UNI_STR_TERMINATE); + init_sam_entry(&sam[i], &uni_name[i], grp[i].rid); } *sam_pp = sam; @@ -1580,10 +1578,9 @@ static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names, fstring nam } for (i = 0; i < num_names; i++) { - int len = names[i] != NULL ? strlen(names[i]) : 0; - DEBUG(10, ("names[%d]:%s\n", i, names[i])); - init_uni_hdr(&hdr_name[i], len); - init_unistr2(&uni_name[i], names[i], len); + DEBUG(10, ("names[%d]:%s\n", i, names[i] ? names[i] : "")); + init_unistr2(&uni_name[i], names[i], UNI_FLAGS_NONE); + init_uni_hdr(&hdr_name[i], &uni_name[i]); } *pp_uni_name = uni_name; @@ -2570,10 +2567,8 @@ static BOOL make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam, return False; for (i = 0; i < num_sam_entries; i++) { - int len = doms[i] != NULL ? strlen(doms[i]) : 0; - - init_sam_entry(&sam[i], len, 0); - init_unistr2(&uni_name[i], doms[i], len); + init_unistr2(&uni_name[i], doms[i], UNI_FLAGS_NONE); + init_sam_entry(&sam[i], &uni_name[i], 0); } *pp_sam = sam; diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 7159527a7d..493f58f8a8 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -690,7 +690,7 @@ static void notify_string(struct spoolss_notify_msg *msg, /* The length of the message includes the trailing \0 */ - init_unistr2(&unistr, msg->notify.data, msg->len); + init_unistr2(&unistr, msg->notify.data, UNI_STR_TERMINATE); data->notify_data.data.length = msg->len * 2; data->notify_data.data.string = (uint16 *)talloc(mem_ctx, msg->len * 2); @@ -6121,7 +6121,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, */ if (!strequal(printer->info_2->comment, old_printer->info_2->comment)) { - init_unistr2( &buffer, printer->info_2->comment, strlen(printer->info_2->comment)+1 ); + init_unistr2( &buffer, printer->info_2->comment, UNI_STR_TERMINATE); set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "description", REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); @@ -6129,7 +6129,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, } if (!strequal(printer->info_2->sharename, old_printer->info_2->sharename)) { - init_unistr2( &buffer, printer->info_2->sharename, strlen(printer->info_2->sharename)+1 ); + init_unistr2( &buffer, printer->info_2->sharename, UNI_STR_TERMINATE); set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "printerName", REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "shareName", @@ -6139,7 +6139,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, } if (!strequal(printer->info_2->portname, old_printer->info_2->portname)) { - init_unistr2( &buffer, printer->info_2->portname, strlen(printer->info_2->portname)+1 ); + init_unistr2( &buffer, printer->info_2->portname, UNI_STR_TERMINATE); set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "portName", REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); @@ -6147,7 +6147,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, } if (!strequal(printer->info_2->location, old_printer->info_2->location)) { - init_unistr2( &buffer, printer->info_2->location, strlen(printer->info_2->location)+1 ); + init_unistr2( &buffer, printer->info_2->location, UNI_STR_TERMINATE); set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "location", REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); @@ -6157,7 +6157,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, /* here we need to update some more DsSpooler keys */ /* uNCName, serverName, shortServerName */ - init_unistr2( &buffer, global_myname(), strlen(global_myname())+1 ); + init_unistr2( &buffer, global_myname(), UNI_STR_TERMINATE); set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "serverName", REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "shortServerName", @@ -6165,7 +6165,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, slprintf( asc_buffer, sizeof(asc_buffer)-1, "\\\\%s\\%s", global_myname(), printer->info_2->sharename ); - init_unistr2( &buffer, asc_buffer, strlen(asc_buffer)+1 ); + init_unistr2( &buffer, asc_buffer, UNI_STR_TERMINATE); set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "uNCName", REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); -- cgit