s3:libsmb: the workgroup in the non-extended-security negprot is not aligned (#8573)
authorStefan Metzmacher <metze@samba.org>
Fri, 4 Nov 2011 11:52:44 +0000 (12:52 +0100)
committerKarolin Seeger <kseeger@samba.org>
Wed, 9 Nov 2011 18:52:04 +0000 (19:52 +0100)
I've tested the fix against NT4 sp6a, W2K sp4, W2K8R2 and Win8pre0.

metze
(similar to commit aea76a3aaa7ea52f563e7bc8a8ed60d9651f9e34)

source3/libsmb/cliconnect.c

index 113b8a5f14448952b84760c07ae929d36b5cf8ae..f03219bb0be34dc18317bdc235b1209a2b3d638f 100644 (file)
@@ -2655,6 +2655,7 @@ static void cli_negprot_done(struct tevent_req *subreq)
        if (cli->protocol >= PROTOCOL_NT1) {    
                struct timespec ts;
                bool negotiated_smb_signing = false;
+               DATA_BLOB blob = data_blob_null;
 
                if (wct != 0x11) {
                        tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
@@ -2680,13 +2681,29 @@ static void cli_negprot_done(struct tevent_req *subreq)
                /* work out if they sent us a workgroup */
                if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
                    smb_buflen(inbuf) > 8) {
+                       blob = data_blob_const(bytes + 8, num_bytes - 8);
+               }
+
+               if (blob.length > 0) {
                        ssize_t ret;
-                       status = smb_bytes_talloc_string(
-                               cli, (char *)inbuf, &cli->server_domain,
-                               bytes + 8, num_bytes - 8, &ret);
-                       if (tevent_req_nterror(req, status)) {
+                       char *server_domain = NULL;
+
+                       ret = clistr_pull_talloc(cli,
+                                                (const char *)inbuf,
+                                                SVAL(inbuf, smb_flg2),
+                                                &server_domain,
+                                                (char *)blob.data,
+                                                blob.length,
+                                                STR_TERMINATE|
+                                                STR_UNICODE|
+                                                STR_NOALIGN);
+                       if (ret == -1) {
+                               tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
                                return;
                        }
+                       if (server_domain) {
+                               cli->server_domain = server_domain;
+                       }
                }
 
                /*
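Review bot: The guard on the blob assignment tests `smb_buflen(inbuf) > 8`, but the length passed to `data_blob_const` is `num_bytes - 8`, a different variable whose declaration is outside this hunk. If the two can ever disagree for a server-supplied response and `num_bytes` is unsigned (presumably it is), the subtraction would wrap and `clistr_pull_talloc` would receive a far too large source length; testing the value actually subtracted, `if (!(cli->capabilities & CAP_EXTENDED_SECURITY) && num_bytes > 8) {`, removes that dependency. Separately, `ret == -1` is always reported as `NT_STATUS_NO_MEMORY`; if the helper can also fail on a malformed string, `NT_STATUS_INVALID_NETWORK_RESPONSE` (already used above for the `wct` check) would describe that case better. A short comment above the flags, e.g. `/* the workgroup in the non-extended-security negprot is not aligned (#8573) */`, would record why `STR_UNICODE|STR_NOALIGN` is forced. cli_negprot_done starts and ends outside the hunk.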