[SCM] Samba Shared Repository - branch v3-6-test updated
Jeremy Allison
jra at samba.org
Fri Mar 25 16:13:07 MDT 2011
The branch, v3-6-test has been updated
via 00834d0 Fix bug 8040 - smbclient segfaults when a Cyrillic netbios name or workgroup is configured.
from 0ad573f s3-netapi: fix memoryleak while not using talloc_tos() in cli_get_session_key() usage.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 00834d05c41bbdebd737f1c4ebb8e04955e092ec
Author: Jeremy Allison <jra at samba.org>
Date: Fri Mar 25 15:12:12 2011 -0700
Fix bug 8040 - smbclient segfaults when a Cyrillic netbios name or workgroup is configured.
As discovered by David Disseldorp <ddiss at suse.de>, convert_string_talloc()
doesn't always return consistent results for a zero length string. The
API states an incoming string must *always* contain the terminating null,
but unfortunately too much code expects passing in a zero source length
to return a null terminated string, so at least ensure we return a
correct null string in the required character set and return the
correct length.
Also ensure we cannot return a zero length for a converted string
(we ensure that the returned buffer is always allocated and zero
terminated anyway) as calling code depends on the fact that returning
true from this function will *always* return a non-zero length (as
it must include the terminating null).
Note this is a different fix from what went into master (this is
identical to the fix I'm planning for 3.5.x) as convert_string_talloc()
has diverged between the two.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source3/lib/charcnv.c | 24 ++++++++++++++++++++++--
1 files changed, 22 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index 5b2149b..fd6cefe 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -456,14 +456,24 @@ bool convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to,
errno = EINVAL;
return false;
}
+
if (srclen == 0) {
- ob = talloc_strdup(ctx, "");
+ /* We really should treat this as an error, but
+ there are too many callers that need this to
+ return a NULL terminated string in the correct
+ character set. */
+ if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED) {
+ destlen = 2;
+ } else {
+ destlen = 1;
+ }
+ ob = talloc_zero_array(ctx, char, destlen);
if (ob == NULL) {
errno = ENOMEM;
return false;
}
+ *converted_size = destlen;
*dest = ob;
- *converted_size = 0;
return true;
}
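Review bot: The terminator-width test in the srclen == 0 branch (`to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED`) is open-coded here and repeated verbatim in the destlen == 0 block further down, so the two lists can drift apart if a charset is added later. Consider a small static helper that returns the terminator size for a given charset_t and calling it from both places; that would also fix the missing space before `||`. Since this branch changes *converted_size for empty input from 0 to 1 or 2, the function's header comment should state that a true return always reports a size that includes the terminator, so callers that used to test for 0 to detect an empty result know to compare against the terminator width instead.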
@@ -560,6 +570,16 @@ bool convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to,
ob[destlen] = '\0';
ob[destlen+1] = '\0';
+ /* Ensure we can never return a *converted_size of zero. */
+ if (destlen == 0) {
+ /* This can happen from a bad iconv "use_as_is:" call. */
+ if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED) {
+ destlen = 2;
+ } else {
+ destlen = 1;
+ }
+ }
+
*converted_size = destlen;
return true;
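Review bot: The destlen == 0 fix-up silently papers over what the comment itself calls a bad iconv "use_as_is:" call, so the underlying conversion problem becomes invisible to anyone debugging it. A low-level debug message inside the `if (destlen == 0)` block, naming the from and to charsets, would keep the condition diagnosable while still returning a valid empty string. It is also worth a one-line comment that the reported size of up to 2 is backed by the two stores just above (`ob[destlen] = '\0'` and `ob[destlen+1] = '\0'`), since the correctness of the returned length depends on those writes having zeroed bytes 0 and 1 of the buffer.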
--
Samba Shared Repository