From ad2e243f8d196a448c2b307feb57a9141c200cd1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 25 Mar 2011 14:37:29 -0700 Subject: Fix bug 8040 - smbclient segfaults when a Cyrillic netbios name or workgroup is configured. As discovered by David Disseldorp , convert_string_talloc() doesn't always return consistent results for a zero length string. The API states an incoming string must *always* contain the terminating null, but unfotunately too much code expects passing in a zero source length to return a null terminated string, so at least ensure we return a correct null string in the required character set and return the correct length. Also ensure we cannot return a zero length for a converted string (we ensure that the returned buffer is always allocated and zero terminated anyway) as calling code depends on the fact that returning true from this function will *always* return a non-zero length (as it must include the terminating null). Jeremy. Autobuild-User: Jeremy Allison Autobuild-Date: Fri Mar 25 23:25:40 CET 2011 on sn-devel-104
---
 source3/lib/charcnv.c | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
(limited to 'source3')
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index 0be86ef828..f95442a49f 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -389,14 +389,24 @@ bool convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to,
 errno = EINVAL;
 return false;
 }
+
 if (srclen == 0) {
- ob = talloc_strdup(ctx, "");
+ /* We really should treat this as an error, but
+ there are too many callers that need this to
+ return a NULL terminated string in the correct
+ character set. */
+ if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED) {
+ destlen = 2;
+ } else {
+ destlen = 1;
+ }
+ ob = talloc_zero_array(ctx, char, destlen);
 if (ob == NULL) {
 errno = ENOMEM;
 return false;
 }
+ *converted_size = destlen;
 *dest = ob;
- *converted_size = 0;
 return true;
 }
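Review bot: The three-way charset test that selects a 1- or 2-byte terminator, `if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED)`, is written out twice in this commit (in the srclen == 0 branch here and again in the hunk at line 490), both copies carrying the same missing space before `||`; any later UTF-16 variant has to be added in both places or the two paths silently disagree on the terminator width. A small `static` helper returning the terminator width, with its return type matched to destlen's declaration (which is outside the hunk), lets both sites share one definition. The comment on the branch says callers need a "NULL terminated string"; it would help a reader to add that talloc_zero_array is what supplies the terminator bytes, since nothing else writes into `ob` on this path. The enclosing function convert_string_talloc starts before the hunk.
```c
/* Byte width of the terminating NUL for charset 'to' (2 for the UTF-16 variants). */
static size_t charset_null_len(charset_t to)
{
	if (to == CH_UTF16LE || to == CH_UTF16BE || to == CH_UTF16MUNGED) {
		return 2;
	}
	return 1;
}

/* … unchanged: start of convert_string_talloc … */
	if (srclen == 0) {
		/* … unchanged: comment on why a zero source length is tolerated … */
		/* talloc_zero_array provides the (already zeroed) terminator bytes. */
		destlen = charset_null_len(to);
		ob = talloc_zero_array(ctx, char, destlen);
		/* … unchanged: ENOMEM check, *converted_size and *dest assignment … */
```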
@@ -480,6 +490,17 @@ bool convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to,
 ob[destlen] = '\0';
 ob[destlen+1] = '\0';
+ /* Ensure we can never return a *converted_size of zero. */
+ if (destlen == 0) {
+ /* As we're now returning false on a bad smb_iconv call,
+ this should never happen. But be safe anyway. */
+ if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED) {
+ destlen = 2;
+ } else {
+ destlen = 1;
+ }
+ }
+
 *converted_size = destlen;
 return true;
 }
-- 
cgit
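Review bot: The `destlen == 0` fallback reports a length of 1 or 2 bytes to the caller without saying why that length is within the allocation, and the allocation of `ob` itself is outside the hunk. The only visible evidence is the two stores just above it, `ob[destlen] = '\0'; ob[destlen+1] = '\0';`, which with destlen == 0 have just written `ob[0]` and `ob[1]` and so prove the buffer holds at least two zeroed bytes. Since a later change that drops or moves those stores would turn the fallback into an over-reported length, the dependency should be stated next to the fallback: `/* ob[0] and ob[1] were zeroed above, so a 1- or 2-byte length stays within the allocation. */`. The enclosing function convert_string_talloc starts before the hunk.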