From be77d9c60d17e0ef2ed0b51ea0814c42a41a40a3 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Sat, 22 Nov 2003 11:49:22 +0000
Subject: * fixed null terminated string handling * fixed nested relative offsets in push functions the spoolss torture test now passes! (This used to be commit 60ced76160e4f4e2b511ebbeec31130c8ebcdd22)
---
 source4/librpc/ndr/ndr_basic.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'source4/librpc/ndr/ndr_basic.c')
diff --git a/source4/librpc/ndr/ndr_basic.c b/source4/librpc/ndr/ndr_basic.c
index a3c4bc0aec..4d0be44a89 100644
--- a/source4/librpc/ndr/ndr_basic.c
+++ b/source4/librpc/ndr/ndr_basic.c
@@ -397,15 +397,20 @@ NTSTATUS ndr_pull_string(struct ndr_pull *ndr, int ndr_flags, const char **s)
 break;
 case LIBNDR_FLAG_STR_NULLTERM:
+ len1 = strnlen_w(ndr->data+ndr->offset,
+ (ndr->data_size - ndr->offset)/2);
+ if (len1*2+2 <= ndr->data_size - ndr->offset) {
+ len1++;
+ }
 ret = convert_string_talloc(ndr->mem_ctx, CH_UCS2, CH_UNIX,
 ndr->data+ndr->offset,
- ndr->data_size - ndr->offset,
+ len1*2,
 (const void **)s);
 if (ret == -1) {
 return ndr_pull_error(ndr, NDR_ERR_CHARCNV,
 "Bad character conversion");
 }
- NDR_CHECK(ndr_pull_advance(ndr, ret));
+ NDR_CHECK(ndr_pull_advance(ndr, len1*2));
 break;
 case LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_LEN4|LIBNDR_FLAG_STR_SIZE4:
-- cgit
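Review bot: In the `LIBNDR_FLAG_STR_NULLTERM` case, a wire string with no terminator inside the remaining buffer is still accepted: assuming `strnlen_w` returns its limit when it finds no terminator, the `len1*2+2 <= ndr->data_size - ndr->offset` test just skips `len1++`, and the unterminated bytes are converted and consumed as if they were a complete string. Because this parses untrusted RPC data, that path should fail instead, for example with an `else` arm that returns `ndr_pull_error(...)` with a buffer-size error, so that `*s` never depends on whether `convert_string_talloc` terminates its output (not visible here). The subtraction `ndr->data_size - ndr->offset` is used twice and assumes `offset <= data_size`; if those fields are unsigned, as they appear to be, a violated invariant becomes a very large scan bound, so a check or a comment stating the invariant would help. The switch and the rest of `ndr_pull_string` lie outside the hunk.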