author | Luke Leighton <lkcl@samba.org> | 1998-10-27 15:03:47 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-10-27 15:03:47 +0000 |
commit | 528c3d3e682ce85d8b041a1396e59f5229716e71 (patch) | |
tree | 6cf77109368d04a74e1bc381a0b4edfbf86da8dd | |
parent | 03893a1ab9f87965746fa3255c35337e0dabd8ae (diff) | |
download | samba-528c3d3e682ce85d8b041a1396e59f5229716e71.tar.gz samba-528c3d3e682ce85d8b041a1396e59f5229716e71.tar.xz samba-528c3d3e682ce85d8b041a1396e59f5229716e71.zip |
amazing. the improvements to NT continue, evidence for which shows up
now as "RPC fault" if the UNIHDR structure lengths do not exactly
match up to the length of the data stream.
so, all versions of samba prior to this one have an off-by-one bug
in unicode string lengths.
all versions of NT prior to NT 5 beta 2 could possibly have buffer
problems when receiving badly formatted UNICODE strings.
(This used to be commit 161eb6f511e161b63c1fa90a08c562fcf208344a)
-rw-r--r-- | source3/rpc_client/cli_netlogon.c | 1 | ||||
-rw-r--r-- | source3/rpc_parse/parse_misc.c | 18 | ||||
-rw-r--r-- | source3/rpc_parse/parse_net.c | 10 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 2 | ||||
-rw-r--r-- | source3/rpc_parse/parse_srv.c | 1 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr.c | 4 |
6 files changed, 19 insertions, 17 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 721e2613591..d75ad6947fc 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -339,6 +339,7 @@ BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr,
 ctr->switch_value));
 memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
+dummy_rtn_creds.timestamp.time = time(NULL);
 /* store the parameters */
 make_sam_info(&(q_s.sam_id), cli->srv_name_slash, global_myname,
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 5144ef8c311..4cb606688d4 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -395,7 +395,7 @@ void make_buf_unistr2(UNISTR2 *str, uint32 *ptr, char *buf)
 if (buf != NULL)
 {
 *ptr = 1;
-make_unistr2(str, buf, strlen(buf));
+make_unistr2(str, buf, strlen(buf)+1);
 }
 else
 {
@@ -475,10 +475,10 @@ creates a UNISTR2 structure.
 ********************************************************************/
 void make_unistr2(UNISTR2 *str, char *buf, int len)
 {
-/* set up string lengths. add one if string is not null-terminated */
-str->uni_max_len = len+1;
+/* set up string lengths. */
+str->uni_max_len = len;
 str->undoc = 0;
-str->uni_str_len = len+1;
+str->uni_str_len = len;
 /* store the string (null-terminated 8 bit chars into 16 bit chars) */
 struni2(str->buffer, buf);
@@ -608,7 +608,7 @@ static void make_clnt_srv(DOM_CLNT_SRV *log, char *logon_srv, char *comp_name)
 if (logon_srv != NULL)
 {
 log->undoc_buffer = 1;
-make_unistr2(&(log->uni_logon_srv), logon_srv, strlen(logon_srv));
+make_unistr2(&(log->uni_logon_srv), logon_srv, strlen(logon_srv)+1);
 }
 else
 {
@@ -618,7 +618,7 @@ static void make_clnt_srv(DOM_CLNT_SRV *log, char *logon_srv, char *comp_name)
 if (comp_name != NULL)
 {
 log->undoc_buffer2 = 1;
-make_unistr2(&(log->uni_comp_name), comp_name, strlen(comp_name));
+make_unistr2(&(log->uni_comp_name), comp_name, strlen(comp_name)+1);
 }
 else
 {
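Review bot: make_unistr2 now stores `len` straight into `uni_max_len` and `uni_str_len`, but nothing ties that count to what `struni2(str->buffer, buf)` actually writes: struni2 copies all of `buf` up to its terminator regardless of `len`, and `len` is a signed `int` stored into fields that are presumably unsigned, so a caller passing a negative count (the srv_samr hunks in this commit pass `strlen(x)-1`) would advertise an enormous string length. Since the commit message says NT now faults when the UNIHDR length disagrees with the data stream, a guard such as `if (len < 0) len = 0;` and a contract comment `/* len: number of 16-bit chars advertised in the header; struni2() copies all of buf regardless, so len must match the data written */` would make the invariant explicit and checkable. The body of make_unistr2 continues past the end of the hunk.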
@@ -665,12 +665,12 @@ void make_log_info(DOM_LOG_INFO *log, char *logon_srv, char *acct_name,
 log->undoc_buffer = 1;
-make_unistr2(&(log->uni_logon_srv), logon_srv, strlen(logon_srv));
-make_unistr2(&(log->uni_acct_name), acct_name, strlen(acct_name));
+make_unistr2(&(log->uni_logon_srv), logon_srv, strlen(logon_srv)+1);
+make_unistr2(&(log->uni_acct_name), acct_name, strlen(acct_name)+1);
 log->sec_chan = sec_chan;
-make_unistr2(&(log->uni_comp_name), comp_name, strlen(comp_name));
+make_unistr2(&(log->uni_comp_name), comp_name, strlen(comp_name)+1);
 }
 /*******************************************************************
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index d99c4baac6e..57fc73e516e 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -116,7 +116,7 @@ static void make_netinfo_2(NETLOGON_INFO_2 *info, uint32 flags, uint32 pdc_statu
 if (trusted_dc_name != NULL)
 {
-make_unistr2(&(info->uni_trusted_dc_name), trusted_dc_name, len_dc_name);
+make_unistr2(&(info->uni_trusted_dc_name), trusted_dc_name, len_dc_name+1);
 }
 else
 {
@@ -294,7 +294,7 @@ void make_r_trust_dom(NET_R_TRUST_DOM_LIST *r_t,
 fstring domain_name;
 fstrcpy(domain_name, dom_name);
 strupper(domain_name);
-make_unistr2(&(r_t->uni_trust_dom_name[i]), domain_name, strlen(domain_name));
+make_unistr2(&(r_t->uni_trust_dom_name[i]), domain_name, strlen(domain_name)+1);
 /* the use of UNISTR2 here is non-standard. */
 r_t->uni_trust_dom_name[i].undoc = 0x1;
 }
@@ -354,8 +354,8 @@ void make_q_req_chal(NET_Q_REQ_CHAL *q_c,
 q_c->undoc_buffer = 1; /* don't know what this buffer is */
-make_unistr2(&(q_c->uni_logon_srv ), logon_srv , strlen(logon_srv ));
-make_unistr2(&(q_c->uni_logon_clnt), logon_clnt, strlen(logon_clnt));
+make_unistr2(&(q_c->uni_logon_srv ), logon_srv , strlen(logon_srv )+1);
+make_unistr2(&(q_c->uni_logon_clnt), logon_clnt, strlen(logon_clnt)+1);
 memcpy(q_c->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
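Review bot: In make_netinfo_2 the count handed to make_unistr2 is `len_dc_name+1`, a caller-supplied value declared outside the hunk, whereas every other call site in this commit derives the count from `strlen()` of the very string being marshalled; because struni2() copies the whole NUL-terminated `trusted_dc_name`, any disagreement between `len_dc_name` and `strlen(trusted_dc_name)` produces exactly the header/data-stream mismatch the commit message says NT now rejects. Unless `len_dc_name` is guaranteed to equal `strlen(trusted_dc_name)`, passing `strlen(trusted_dc_name)+1` here would keep the advertised length and the copied data consistent by construction. The enclosing function begins outside the hunk.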
@@ -377,7 +377,7 @@ void net_io_q_req_chal(char *desc, NET_Q_REQ_CHAL *q_c, prs_struct *ps, int dep
 prs_uint32("undoc_buffer", ps, depth, &(q_c->undoc_buffer));
-smb_io_unistr2("", &(q_c->uni_logon_srv), True, ps, depth); /* logon server unicode string */
+smb_io_unistr2("", &(q_c->uni_logon_srv ), True, ps, depth); /* logon server unicode string */
 smb_io_unistr2("", &(q_c->uni_logon_clnt), True, ps, depth); /* logon client unicode string */
 old_align = ps->align;
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index f09af387e48..ba6a8d35568 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -2694,7 +2694,7 @@ void make_samr_q_connect(SAMR_Q_CONNECT *q_u,
 /* make PDC server name \\server */
 q_u->ptr_srv_name = len_srv_name > 0 ? 1 : 0;
-make_unistr2(&(q_u->uni_srv_name), srv_name, len_srv_name);
+make_unistr2(&(q_u->uni_srv_name), srv_name, len_srv_name+1);
 /* example values: 0x0000 0002 */
 q_u->unknown_0 = unknown_0;
diff --git a/source3/rpc_parse/parse_srv.c b/source3/rpc_parse/parse_srv.c
index 27b1ec2257f..adc4249072e 100644
--- a/source3/rpc_parse/parse_srv.c
+++ b/source3/rpc_parse/parse_srv.c
@@ -1377,6 +1377,7 @@ static void srv_io_info_ctr(char *desc, SRV_INFO_CTR *ctr, prs_struct *ps, int
 break;
 }
 }
+prs_align(ps);
 }
 }
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 74d06d1bcae..034e4dd3365 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -418,7 +418,7 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
 got_grps = True;
 num_entries = 1;
-make_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group));
+make_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group)-1);
 pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS;
 if (r_e.status == 0 && got_grps)
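Review bot: make_samr_q_connect still calls `make_unistr2(&(q_u->uni_srv_name), srv_name, len_srv_name+1)` when `len_srv_name` is 0, so `ptr_srv_name` says no string is present while the UNISTR2 header now advertises one 16-bit character; whether that inconsistency reaches the wire depends on smb_io_unistr2 honouring the pointer, which is outside this hunk. Mirroring make_buf_unistr2's shape, `if (len_srv_name > 0) make_unistr2(&(q_u->uni_srv_name), srv_name, len_srv_name+1);` with an else branch that zeroes the length fields keeps pointer and header in agreement. The rest of make_samr_q_connect lies outside the hunk.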
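Review bot: samr_reply_enum_dom_groups passes `strlen(dummy_group)-1` to the reworked make_unistr2, so the advertised length falls by two relative to the pre-commit value (`strlen+1`) while every other call site in this commit preserves the old value by passing `strlen(x)+1`; the same `-1` appears in samr_reply_enum_dom_aliases at @@ -481, so this applies there too. If SAMR enumeration names are meant to go out without a terminator, `strlen(name)` would express that and a comment such as `/* SAM enumeration strings are advertised without the NUL terminator */` should say so; `strlen(name)-1` additionally drops the final character from the advertised length, and for an empty name yields -1, which make_unistr2's `int len` stores into the (presumably unsigned) length fields. struni2() still copies the terminator into the buffer, so header and data disagree here by construction, which is what the commit message says NT now rejects. Both enclosing functions extend outside their hunks.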
@@ -481,7 +481,7 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
 char *name;
 while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL))
 {
-make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name));
+make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)-1);
 pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid;
 num_entries++;
 }
|