[SCM] Samba Shared Repository - branch master updated
David Disseldorp
ddiss at samba.org
Tue Nov 13 19:55:02 UTC 2018
The branch, master has been updated
via 3634e20c760 s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607
from 5a8583ed701 libcli/smb: don't overwrite status code
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3634e20c7603103b0f2e00e5b61cc63f905d780d
Author: Jeremy Allison <jra at samba.org>
Date: Mon Nov 12 11:37:31 2018 -0800
s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607
Firstly, make the exit condition from the loop explicit (we must
never write into byte n, where n >= sizeof(name->name).
Secondly ensure exiting from the loop that n==MAX_NETBIOSNAME_LEN,
as this is the sign of a correct NetBIOS name encoding (RFC1002)
in order to properly read the NetBIOS name type (which is always
encoded in byte 16 == name->name[15]).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Tue Nov 13 20:54:56 CET 2018 on sn-devel-144
-----------------------------------------------------------------------
Summary of changes:
source3/libsmb/nmblib.c | 34 +++++++++++++++++++++-------------
1 file changed, 21 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c
index ef6177e5209..727939575a7 100644
--- a/source3/libsmb/nmblib.c
+++ b/source3/libsmb/nmblib.c
@@ -207,25 +207,33 @@ static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name)
unsigned char c1,c2;
c1 = ubuf[offset++]-'A';
c2 = ubuf[offset++]-'A';
- if ((c1 & 0xF0) || (c2 & 0xF0) || (n > sizeof(name->name)-1))
+ if ((c1 & 0xF0) || (c2 & 0xF0)) {
return(0);
+ }
+ if (n >= sizeof(name->name)) {
+ return 0;
+ }
name->name[n++] = (c1<<4) | c2;
m -= 2;
}
- name->name[n] = 0;
-
- if (n==MAX_NETBIOSNAME_LEN) {
- /* parse out the name type, its always
- * in the 16th byte of the name */
- name->name_type = ((unsigned char)name->name[15]) & 0xff;
-
- /* remove trailing spaces */
- name->name[15] = 0;
- n = 14;
- while (n && name->name[n]==' ')
- name->name[n--] = 0;
+ /*
+ * RFC1002: For a valid NetBIOS name, exiting from the above,
+ * n *must* be MAX_NETBIOSNAME_LEN (16).
+ */
+ if (n != MAX_NETBIOSNAME_LEN) {
+ return 0;
}
+ /* parse out the name type, its always
+ * in the 16th byte of the name */
+ name->name_type = ((unsigned char)name->name[15]) & 0xff;
+
+ /* remove trailing spaces */
+ name->name[15] = 0;
+ n = 14;
+ while (n && name->name[n]==' ')
+ name->name[n--] = 0;
+
/* now the domain parts (if any) */
n = 0;
while (ubuf[offset]) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list