[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Fri Jan 29 08:03:15 MST 2010
The branch, master has been updated
via 6442b0f... libcli/nbt: fix off-by-one bug in ndr_pull_wrepl_nbt_name()
via c50a17c... libcli/nbt: fix ndr_pull/push_wrepl_nbt_name()
from a20b43f... s3: link thread objects in libsmbclient only and adjust linker flags
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6442b0fcc1931c9b41dd66b3450a216f673d4fe2
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 28 18:58:23 2010 +0100
libcli/nbt: fix off-by-one bug in ndr_pull_wrepl_nbt_name()
The scope starts at byte 17 with index 16.
metze
commit c50a17cc8d6bc23f03c3d44ceccebce06417ba21
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 28 18:52:46 2010 +0100
libcli/nbt: fix ndr_pull/push_wrepl_nbt_name()
[MS-WINSRA] - v20091104 was wrong
regarding section "2.2.10.1 Name Record"
If the name buffer is already 4 byte aligned
Windows (at least 2003 SP1 and 2008) add 4 extra
bytes. This can happen when the name has a scope.
metze
-----------------------------------------------------------------------
Summary of changes:
libcli/nbt/nbtname.c | 29 +++++++++++++++++++++++++++--
1 files changed, 27 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/nbt/nbtname.c b/libcli/nbt/nbtname.c
index 338cb21..792b340 100644
--- a/libcli/nbt/nbtname.c
+++ b/libcli/nbt/nbtname.c
@@ -517,6 +517,19 @@ _PUBLIC_ enum ndr_err_code ndr_pull_wrepl_nbt_name(struct ndr_pull *ndr, int ndr
NDR_PULL_ALLOC_N(ndr, namebuf, namebuf_len);
NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));
+ if ((namebuf_len % 4) == 0) {
+ /*
+ * [MS-WINSRA] â v20091104 was wrong
+ * regarding section "2.2.10.1 Name Record"
+ *
+ * If the name buffer is already 4 byte aligned
+ * Windows (at least 2003 SP1 and 2008) add 4 extra
+ * bytes. This can happen when the name has a scope.
+ */
+ uint32_t pad;
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &pad));
+ }
+
NDR_PULL_ALLOC(ndr, r);
/* oh wow, what a nasty bug in windows ... */
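Review bot: The new condition (namebuf_len % 4) == 0 in ndr_pull_wrepl_nbt_name() is also true for namebuf_len == 0, so unless a check outside this hunk rejects an empty name buffer, a zero-length name will now consume four further bytes from the stream. Please confirm that this matches what Windows sends, or restrict the branch to namebuf_len > 0. Separately, the value read into pad is discarded without inspection. The push side writes zeros here, so either note in the comment that the content is deliberately ignored on pull, or check it and log when it is non-zero so that unexpected peers are visible.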
@@ -545,8 +558,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_wrepl_nbt_name(struct ndr_pull *ndr, int ndr
r->name = talloc_strdup(r, (char *)namebuf);
if (!r->name) return ndr_pull_error(ndr, NDR_ERR_ALLOC, "out of memory");
- if (namebuf_len > 18) {
- r->scope = talloc_strndup(r, (char *)(namebuf+17), namebuf_len-17);
+ if (namebuf_len > 17) {
+ r->scope = talloc_strndup(r, (char *)(namebuf+16), namebuf_len-17);
if (!r->scope) return ndr_pull_error(ndr, NDR_ERR_ALLOC, "out of memory");
} else {
r->scope = NULL;
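Review bot: The start offset of the scope copy moved from namebuf+17 to namebuf+16, but the length argument is still namebuf_len-17, so the copy now covers bytes 16 through namebuf_len-2 and never the last byte of the buffer. From index 16 there are namebuf_len-16 bytes remaining. If the final byte is a terminator that is meant to be excluded, a one-line comment saying so would stop the next reader from "fixing" the length. If it is not, the last character of the scope is dropped. The commit message's "byte 17 with index 16" would also be worth carrying into the code as a comment next to the new threshold namebuf_len > 17, since the constants 16 and 17 are otherwise unexplained.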
@@ -615,6 +628,18 @@ _PUBLIC_ enum ndr_err_code ndr_push_wrepl_nbt_name(struct ndr_push *ndr, int ndr
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, namebuf_len));
NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));
+ if ((namebuf_len % 4) == 0) {
+ /*
+ * [MS-WINSRA] â v20091104 was wrong
+ * regarding section "2.2.10.1 Name Record"
+ *
+ * If the name buffer is already 4 byte aligned
+ * Windows (at least 2003 SP1 and 2008) add 4 extra
+ * bytes. This can happen when the name has a scope.
+ */
+ NDR_CHECK(ndr_push_zero(ndr, 4));
+ }
+
talloc_free(namebuf);
return NDR_ERR_SUCCESS;
}
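Review bot: The (namebuf_len % 4) == 0 test and its comment block in ndr_push_wrepl_nbt_name() are copied verbatim from the pull side, and the two must stay in lockstep for a record to round-trip. A small shared helper or macro for the condition, with the [MS-WINSRA] comment kept in one place, would prevent them drifting apart. The change also comes without a test: a push-then-pull case for a name with a scope whose buffer length is a multiple of 4, plus one whose length is not, would pin down both this padding and the scope offset changed in the pull function.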
--
Samba Shared Repository