[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Fri Jan 29 08:03:15 MST 2010


The branch, master has been updated
       via  6442b0f... libcli/nbt: fix off-by-one bug in ndr_pull_wrepl_nbt_name()
       via  c50a17c... libcli/nbt: fix ndr_pull/push_wrepl_nbt_name()
      from  a20b43f... s3: link thread objects in libsmbclient only and adjust linker flags

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6442b0fcc1931c9b41dd66b3450a216f673d4fe2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jan 28 18:58:23 2010 +0100

    libcli/nbt: fix off-by-one bug in ndr_pull_wrepl_nbt_name()
    
    The scope starts at byte 17 with index 16.
    
    metze

commit c50a17cc8d6bc23f03c3d44ceccebce06417ba21
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jan 28 18:52:46 2010 +0100

    libcli/nbt: fix ndr_pull/push_wrepl_nbt_name()
    
    [MS-WINSRA] — v20091104 was wrong
    regarding section "2.2.10.1 Name Record"
    
    If the name buffer is already 4 byte aligned,
    Windows (at least 2003 SP1 and 2008) adds 4 extra
    bytes. This can happen when the name has a scope.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 libcli/nbt/nbtname.c |   29 +++++++++++++++++++++++++++--
 1 files changed, 27 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/nbt/nbtname.c b/libcli/nbt/nbtname.c
index 338cb21..792b340 100644
--- a/libcli/nbt/nbtname.c
+++ b/libcli/nbt/nbtname.c
@@ -517,6 +517,19 @@ _PUBLIC_ enum ndr_err_code ndr_pull_wrepl_nbt_name(struct ndr_pull *ndr, int ndr
 	NDR_PULL_ALLOC_N(ndr, namebuf, namebuf_len);
 	NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));
 
+	if ((namebuf_len % 4) == 0) {
+		/*
+		 * [MS-WINSRA] — v20091104 was wrong
+		 * regarding section "2.2.10.1 Name Record"
+		 *
+		 * If the name buffer is already 4 byte aligned
+		 * Windows (at least 2003 SP1 and 2008) add 4 extra
+		 * bytes. This can happen when the name has a scope.
+		 */
+		uint32_t pad;
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &pad));
+	}
+
 	NDR_PULL_ALLOC(ndr, r);
 
 	/* oh wow, what a nasty bug in windows ... */
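Review bot: The added `ndr_pull_uint32(ndr, NDR_SCALARS, &pad)` consumes four bytes whenever the wire-supplied `namebuf_len` is a multiple of 4, and `pad` is then dropped unchecked, so a peer that encodes the record as the published [MS-WINSRA] text describes would silently lose the first four bytes of the following field. The comment should say that the value is deliberately ignored and that the layout was observed rather than specified, e.g. `/* pad content is not validated; a peer that omits it desynchronises the fields that follow */`. The same condition drives the `ndr_push_zero(ndr, 4)` hunk in ndr_push_wrepl_nbt_name(), so replication with a Samba build that predates this commit presumably misparses such names in both directions, which is worth stating in the commit message. A regression test that decodes a captured record with a scoped name would pin the behaviour. The function body starts and ends outside this hunk.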
@@ -545,8 +558,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_wrepl_nbt_name(struct ndr_pull *ndr, int ndr
 	r->name = talloc_strdup(r, (char *)namebuf);
 	if (!r->name) return ndr_pull_error(ndr, NDR_ERR_ALLOC, "out of memory");
 
-	if (namebuf_len > 18) {
-		r->scope = talloc_strndup(r, (char *)(namebuf+17), namebuf_len-17);
+	if (namebuf_len > 17) {
+		r->scope = talloc_strndup(r, (char *)(namebuf+16), namebuf_len-17);
 		if (!r->scope) return ndr_pull_error(ndr, NDR_ERR_ALLOC, "out of memory");
 	} else {
 		r->scope = NULL;
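Review bot: The offset and the length in `talloc_strndup(r, (char *)(namebuf+16), namebuf_len-17)` now differ by one, which reads like a fresh off-by-one unless the reader knows the last byte of the buffer is left out on purpose. The copy stays inside the `namebuf_len` bytes pulled from the wire (indices 16 to namebuf_len-2), but if the final byte sent by the peer is not a terminating NUL, the scope silently loses its last character. A comment such as `/* scope is namebuf[16 .. namebuf_len-2]; the last byte is expected to be the NUL terminator */` would record that assumption, and named constants in place of 16 and 17 would make the relation visible. The earlier part of the function, including any bound on `namebuf_len`, is outside this hunk.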
@@ -615,6 +628,18 @@ _PUBLIC_ enum ndr_err_code ndr_push_wrepl_nbt_name(struct ndr_push *ndr, int ndr
 	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, namebuf_len));
 	NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));
 
+	if ((namebuf_len % 4) == 0) {
+		/*
+		 * [MS-WINSRA] — v20091104 was wrong
+		 * regarding section "2.2.10.1 Name Record"
+		 *
+		 * If the name buffer is already 4 byte aligned
+		 * Windows (at least 2003 SP1 and 2008) add 4 extra
+		 * bytes. This can happen when the name has a scope.
+		 */
+		NDR_CHECK(ndr_push_zero(ndr, 4));
+	}
+
 	talloc_free(namebuf);
 	return NDR_ERR_SUCCESS;
 }
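Review bot: The new `NDR_CHECK(ndr_push_zero(ndr, 4));` adds another exit ahead of `talloc_free(namebuf)`. NDR_CHECK presumably returns on error, in which case the buffer is released only when its talloc parent is, as with the two push calls above it. The allocation of `namebuf` is outside the hunk, so if it is not parented to a short-lived context, free it on the failure path: `enum ndr_err_code err = ndr_push_zero(ndr, 4);` followed by `if (err != NDR_ERR_SUCCESS) { talloc_free(namebuf); return err; }`. If it is parented to `ndr`, a one-line comment saying so at the `talloc_free` would settle the question for the next reader.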


-- 
Samba Shared Repository

