Fix a really interesting problem found by Volker's conversion of sessionsetup SPNEGO...
author Jeremy Allison <jra@samba.org>
Sat, 30 Jan 2010 00:41:53 +0000 (16:41 -0800)
committer Jeremy Allison <jra@samba.org>
Sat, 30 Jan 2010 00:41:53 +0000 (16:41 -0800)
Normally clistr_push_fn() can depend upon cli->outbuf being
initialized by negprot and sessionsetup packets, and cli->outbuf[smb_flgs2] being
correctly set with FLAGS2_UNICODE_STRINGS when cli_setup_packet() is called. When
all the sessionsetups are async, then cli_setup_packet() is never called; the async
code uses cli_setup_packet_buf() - which initializes the allocated async buffer,
not the cli->outbuf one. So the first time clistr_push_fn() is called is from
libsmb/clidfs.c:cli_dfs_get_referral(), just after the connection and tconX.
In this case cli->outbuf has never been initialized, and cli->outbuf[smb_flgs2] = 0
so the DFS query pushes ASCII on the wire, which is not what we want :-).

Remove the dependency on cli->outbuf[smb_flgs2] in clistr_push_fn(), and
fake up a SVAL(cli->outbuf, smb_flg2) value using cli_ucs2(cli) function
instead, which has been initialized. We only care about the FLAGS2_UNICODE_STRINGS
bit anyway.

I don't think this is an issue for 3.5.0 as the sessionsetup is still
synchronous there, but Volker PLEASE CHECK !

Jeremy.

source3/libsmb/clistr.c

index 1f296ebd099bb1df89c1f8c1f039a5c5227d9311..4e490913123e0d54facade4da7f7ab4b9cc3058f 100644
@@ -34,12 +34,12 @@ size_t clistr_push_fn(const char *function,
                        DEBUG(0, ("Pushing string of 'unlimited' length into non-SMB buffer!\n"));
                        return push_string_base(function, line,
                                                cli->outbuf,
-                                               SVAL(cli->outbuf, smb_flg2),
+                                               (uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0),
                                                dest, src, -1, flags);
                }
                return push_string_base(function, line, 
                                        cli->outbuf,
-                                       SVAL(cli->outbuf, smb_flg2),
+                                       (uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0),
                                        dest, src, cli->bufsize - buf_used,
                                        flags);
        }
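Review bot: the expression `(uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0)` is written out twice in this hunk (and once more in the next), so compute it once near the top of clistr_push_fn(), e.g. `uint16_t flags2 = cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0;`, and pass `flags2` to each push_string_base() call; that also makes the intent visible in one place. Note that `cli->outbuf` is still passed as the base pointer on both calls even though the commit message says it is uninitialized on the async sessionsetup path: that is fine only if push_string_base() uses the base pointer purely for alignment arithmetic and never reads its contents, so a one-line comment stating that assumption would help the next reader. Since the synthesized flags2 now carries only the unicode bit, any other FLAGS2 bits that push_string_base() might have inspected from the real header are deliberately dropped; the commit message says that is intended, and the code should say so too.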
@@ -47,7 +47,7 @@ size_t clistr_push_fn(const char *function,
        /* 'normal' push into size-specified buffer */
        return push_string_base(function, line, 
                                cli->outbuf,
-                               SVAL(cli->outbuf, smb_flg2),
+                               (uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0),
                                dest, src, dest_len, flags);
 }
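Review bot: this third copy of the `cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0` ternary has no comment explaining why flags2 is derived from cli_ucs2() rather than read from `cli->outbuf` with SVAL(cli->outbuf, smb_flg2). The reason (the outbuf header is never populated when sessionsetup runs through the async cli_setup_packet_buf() path, so smb_flg2 reads as 0 and the DFS referral string is pushed as ASCII) lives only in the commit message; put it in a comment above the 'normal' push so a later cleanup does not revert to reading the header, and fold this call into the same shared `flags2` local suggested for the previous hunk.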