s3: smbd - fix processing of packets with invalid DOS charset conversions.
authorJeremy Allison <jra@samba.org>
Wed, 11 Jun 2014 20:22:14 +0000 (13:22 -0700)
committerKarolin Seeger <kseeger@samba.org>
Mon, 23 Jun 2014 05:59:07 +0000 (07:59 +0200)
Bug 10654 - Segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler

https://bugzilla.samba.org/show_bug.cgi?id=10654

Signed-off-by: Jeremy Allison <jra@samba.org>
CVE-2014-3493

source3/lib/charcnv.c
source3/libsmb/clirap.c
source3/smbd/lanman.c

index d3f65ca4e245b432050f24bdbaf6722c8b006efe..d8cd2a57d351436cd44df11be6cd7092a2bcc955 100644 (file)
@@ -822,7 +822,7 @@ size_t ucs2_align(const void *base_ptr, const void *p, int flags)
  **/
 size_t push_ascii(void *dest, const char *src, size_t dest_len, int flags)
 {
-       size_t src_len = strlen(src);
+       size_t src_len = 0;
        char *tmpbuf = NULL;
        size_t ret;
 
@@ -840,17 +840,21 @@ size_t push_ascii(void *dest, const char *src, size_t dest_len, int flags)
                src = tmpbuf;
        }
 
+       src_len = strlen(src);
        if (flags & (STR_TERMINATE | STR_TERMINATE_ASCII)) {
                src_len++;
        }
 
        ret = convert_string(CH_UNIX, CH_DOS, src, src_len, dest, dest_len, True);
-       if (ret == (size_t)-1 &&
-                       (flags & (STR_TERMINATE | STR_TERMINATE_ASCII))
-                       && dest_len > 0) {
-               ((char *)dest)[0] = '\0';
-       }
+
        SAFE_FREE(tmpbuf);
+       if (ret == (size_t)-1) {
+               if ((flags & (STR_TERMINATE | STR_TERMINATE_ASCII))
+                               && dest_len > 0) {
+                       ((char *)dest)[0] = '\0';
+               }
+               return 0;
+       }
        return ret;
 }
 
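Review bot: The new `return 0` on a failed convert_string() is only distinguishable from a successful result when the caller passes STR_TERMINATE or STR_TERMINATE_ASCII, because without those flags an empty `src` legitimately converts to 0 bytes, and the header comment above the hunk (L19 ends it) does not say so; I would add `/* Returns the number of bytes written, or 0 on conversion failure. Only callers that pass STR_TERMINATE can tell failure from an empty source, since a successful terminated push always returns >= 1. */` to that comment. The change also silently turns every existing `== (size_t)-1` check into a never-true test, so any caller not updated in this commit (the trans2.c marshalling path named in the title is not in the diff) now treats a failed conversion as a zero-length success; that is presumably the intended safe default, but it should be stated in the commit message or the comment. On failure `dest` is left with whatever convert_string() partially wrote unless the terminate flags are set and `dest_len > 0`, which is unchanged behaviour but worth a one-line note.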
index d39d38ed72f80365ba45585e9eec4964f5786432..31c4cfe9b5edc016f4df91674c8b74e7090129b4 100644 (file)
@@ -319,7 +319,7 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
                                sizeof(param) - PTR_DIFF(p,param) - 1,
                                STR_TERMINATE|STR_UPPER);
 
-               if (len == (size_t)-1) {
+               if (len == 0) {
                        SAFE_FREE(last_entry);
                        return false;
                }
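Review bot: The `len == 0` failure test is correct only because the push_ascii call above passes STR_TERMINATE (L57), which makes any successful push return at least the one terminator byte; nothing at the check says so, and dropping the flag later would make an empty workgroup name look like a failure. I would add `/* push_ascii returns 0 on conversion failure; with STR_TERMINATE a success is always >= 1 */` above the `if`. cli_NetServerEnum begins before and continues after this hunk.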
@@ -331,7 +331,7 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
                                        sizeof(param) - PTR_DIFF(p,param) - 1,
                                        STR_TERMINATE);
 
-                       if (len == (size_t)-1) {
+                       if (len == 0) {
                                SAFE_FREE(last_entry);
                                return false;
                        }
index 3b4ec651b4c5cca04fcc8d7ffafaf69f284c4819..0f5d6da605c95a4558ba31f2d5e1c67a42efd159 100644 (file)
@@ -128,7 +128,7 @@ static int CopyExpanded(connection_struct *conn,
                return 0;
        }
        l = push_ascii(*dst,buf,*p_space_remaining, STR_TERMINATE);
-       if (l == -1) {
+       if (l == 0) {
                return 0;
        }
        (*dst) += l;
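Review bot: The `l == 0` check relies on the STR_TERMINATE flag passed at L77 to make 0 unambiguous, and `l`'s declaration is outside the hunk, so the reader cannot see that the comparison is now type-safe regardless of whether `l` is `size_t` or `int` (the old `l == -1` depended on that). A short comment at the check, `/* 0 means conversion failed (STR_TERMINATE guarantees >= 1 on success) */`, would pin the contract. CopyExpanded starts before the hunk and continues after it.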
@@ -143,7 +143,7 @@ static int CopyAndAdvance(char **dst, char *src, int *n)
                return 0;
        }
        l = push_ascii(*dst,src,*n, STR_TERMINATE);
-       if (l == -1) {
+       if (l == 0) {
                return 0;
        }
        (*dst) += l;
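Review bot: `*n` is an `int` (signature at L83) but is passed as push_ascii's `size_t dest_len` at L86, so a negative remaining count would convert to a huge buffer size; the guard at L84–85 is cut off in this hunk, so I cannot confirm it rejects `*n <= 0` rather than only `*n == 0`. If it does not, `if (*n <= 0) return 0;` should precede the push. As with CopyExpanded, a comment that 0 denotes failure only because STR_TERMINATE is set would help the next reader; CopyAndAdvance continues past the hunk.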