From 1876b5a7e33a1376a5e275a52f8fbab69fa82ab6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 29 Jan 2010 16:41:53 -0800 Subject: Fix a really interesting problem found by Volker's conversion of sessionsetup SPNEGO to asynchronous code. Normally clistr_push_fn() can depend upon cli->outbuf being initialized by negprot and sessionsetup packets, and cli->outbuf[smb_flgs2] being correctly set with FLAGS2_UNICODE_STRINGS when cli_setup_packet() is called. When all the sessionsetups are async, then cli_setup_packet() is never called, the async code uses cli_setup_packet_buf() - which initializes the allocated async buffer, not the cli->outbuf one. So the first time clistr_push_fn() is called is from libsmb/clidfs.c:cli_dfs_get_referral(), just after the connection and tconX. In this case cli->outbuf has never been initialized, and cli->outbuf[smb_flgs2] = 0 so the DFS query pushes ASCII on the wire, which is not what we want :-). Remove the dependency on cli->outbuf[smb_flgs2] in clistr_push_fn(), and fake up a SVAL(cli->outbuf, smb_flg2) value using cli_ucs2(cli) function instead, which has been initialized. We only care about the FLAGS2_UNICODE_STRINGS bit anyway. I don't think this is an issue for 3.5.0 as the sessionsetup is still synchronous there, but Volker PLEASE CHECK ! Jeremy. --- source3/libsmb/clistr.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3') diff --git a/source3/libsmb/clistr.c b/source3/libsmb/clistr.c index 1f296ebd099..4e490913123 100644 --- a/source3/libsmb/clistr.c +++ b/source3/libsmb/clistr.c @@ -34,12 +34,12 @@ size_t clistr_push_fn(const char *function, DEBUG(0, ("Pushing string of 'unlimited' length into non-SMB buffer!\n")); return push_string_base(function, line, cli->outbuf, - SVAL(cli->outbuf, smb_flg2), + (uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0), dest, src, -1, flags); } return push_string_base(function, line, cli->outbuf, - SVAL(cli->outbuf, smb_flg2), + (uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0), dest, src, cli->bufsize - buf_used, flags); } @@ -47,7 +47,7 @@ size_t clistr_push_fn(const char *function, /* 'normal' push into size-specified buffer */ return push_string_base(function, line, cli->outbuf, - SVAL(cli->outbuf, smb_flg2), + (uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0), dest, src, dest_len, flags); } -- cgit