From 4ea92f30985466489a3b3faf5a1c90667175aad6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 20 Feb 2006 23:22:56 +0000 Subject: r13581: Correctly parse a non-null terminated, little-endian UCS2 string in the PAC_LOGON_NAME structure. This was broken on big-endian machines (Solaris SPARC and ppc). Fixes Bug #3330. Jerry, this should be in 3.0.21c. Guenther (This used to be commit 9732490811f8f02ee547ddc6e2694e1122a3a518) --- source3/include/authdata.h | 2 +- source3/libads/authdata.c | 14 +++----------- source3/rpc_parse/parse_prs.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 47 insertions(+), 12 deletions(-) diff --git a/source3/include/authdata.h b/source3/include/authdata.h index 194429ab673..7e047687b7d 100644 --- a/source3/include/authdata.h +++ b/source3/include/authdata.h @@ -42,7 +42,7 @@ typedef struct pac_logon_name { NTTIME logon_time; uint16 len; - uint16 *username; /* might not be null terminated, so not UNISTR */ + fstring username; } PAC_LOGON_NAME; typedef struct pac_signature_data { diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 55e736ce6ae..bb4236c4fcd 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -42,16 +42,7 @@ static BOOL pac_io_logon_name(const char *desc, PAC_LOGON_NAME *logon_name, if (!prs_uint16("len", ps, depth, &logon_name->len)) return False; - if (UNMARSHALLING(ps) && logon_name->len) { - logon_name->username = PRS_ALLOC_MEM(ps, uint16, logon_name->len); - if (!logon_name->username) { - DEBUG(3, ("No memory available\n")); - return False; - } - } - - if (!prs_uint16s(True, "name", ps, depth, logon_name->username, - (logon_name->len / sizeof(uint16)))) + if (!prs_string_len("name", ps, depth, logon_name->username, logon_name->len)) return False; return True; @@ -891,7 +882,8 @@ static void dump_pac_logon_info(PAC_LOGON_INFO *logon_info) { nt_status = NT_STATUS_INVALID_PARAMETER; goto out; } - rpcstr_pull(username, logon_name->username, sizeof(username), -1, STR_TERMINATE); + + rpcstr_pull(username, logon_name->username, sizeof(username), logon_name->len, 0); ret = smb_krb5_parse_name_norealm(context, username, &client_principal_pac); if (ret) { diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index c4f9f512ab7..857a24cf0e0 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -1332,6 +1332,49 @@ BOOL prs_string_alloc(const char *name, prs_struct *ps, int depth, const char ** return True; } +/******************************************************************* + Stream a null-terminated string of fixed len. + ********************************************************************/ + +BOOL prs_string_len(const char *name, prs_struct *ps, int depth, char *str, int len) +{ + char *q; + int i; + BOOL charmode = True; + + q = prs_mem_get(ps, len+1); + if (q == NULL) + return False; + + for(i = 0; i < len; i++) { + if (UNMARSHALLING(ps)) + str[i] = q[i]; + else + q[i] = str[i]; + } + + /* The terminating null. */ + str[i] = '\0'; + + if (MARSHALLING(ps)) { + q[i] = '\0'; + } + + ps->data_offset += len+1; + + DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name)); + if (charmode) { + print_asc(5, (unsigned char*)str, len); + } else { + for (i = 0; i < len; i++) + DEBUG(5,("%04x ", str[i])); + } + DEBUG(5,("\n")); + + return True; +} + + /******************************************************************* prs_uint16 wrapper. Call this and it sets up a pointer to where the uint16 should be stored, or gets the size if reading. -- cgit