From 2da54a66b970917ca5290001af0f4ab7adf68460 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 17 Apr 2007 02:14:28 +0000 Subject: r22291: Fix off-by-one in tconX parsing. Jeremy. (This used to be commit bc6ac4feac8c62cda2b6151eb648d3d5979e8a95) --- source3/smbd/reply.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index eb4106b0c1..3d0f8a3ca8 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -469,13 +469,22 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt if (global_encrypted_passwords_negotiated) { password = data_blob(smb_buf(inbuf),passlen); + if (lp_security() == SEC_SHARE) { + /* + * Security = share always has a pad byte + * after the password. + */ + p = smb_buf(inbuf) + passlen + 1; + } else { + p = smb_buf(inbuf) + passlen; + } } else { password = data_blob(smb_buf(inbuf),passlen+1); /* Ensure correct termination */ - password.data[passlen]=0; + password.data[passlen]=0; + p = smb_buf(inbuf) + passlen + 1; } - p = smb_buf(inbuf) + passlen; p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE); /* -- cgit