bug in smbd/trans2.c

Hiroshi MIURA miura at samba.gr.jp
Thu Sep 28 02:20:03 GMT 2000


Hi,

This looks like a bug in smbd/trans2.c (in 2.0.7, SAMBA_2_2, head).
The Samba daemon sometimes sends a wrong Unicode length to clients.

It happens when it converts a multibyte string to a Unicode string.
... 2*strlen(foo) is NOT the Unicode length

~/work/samba/cvs/samba22/source/smbd$ diff -u trans2.c trans2.c.new 
--- trans2.c	Sat May 27 02:10:40 2000
+++ trans2.c.new	Thu Sep 28 11:00:43 2000
@@ -1177,7 +1177,8 @@
       pstrcpy(pdata+4,vname);      
       break;
     case SMB_QUERY_FS_VOLUME_INFO:      
-
+     {
+      int vname_len;
       /* 
        * Add volume serial number - hash of a combination of
        * the called hostname and the service name.
@@ -1189,19 +1190,21 @@
        * delivered as ascii! (tridge && JRA)
        */
       if ((get_remote_arch() != RA_WIN2K) && (global_client_caps & CAP_NT_SMBS)) {
-	      data_len = 18 + strlen(vname);
-	      SIVAL(pdata,12,strlen(vname));
+	      vname_len = strlen(vname);
+	      data_len = 18 + vname_len;
+	      SIVAL(pdata,12,vname_len);
 	      pstrcpy(pdata+18,vname);      
       } else {
-	      data_len = 18 + 2*strlen(vname);
-	      SIVAL(pdata,12,strlen(vname)*2);
-	      dos_PutUniCode(pdata+18,unix_to_dos(vname,False),sizeof(pstring), False);
-		  SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2)|FLAGS2_UNICODE_STRINGS);
+	      vname_len = dos_PutUniCode(pdata+18,unix_to_dos(vname,False),sizeof(pstring), False);
+              data_len = 18 + vname_len;
+              SIVAL(pdata,12,vname_len);
+	      SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2)|FLAGS2_UNICODE_STRINGS);
       }
 
       DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol = %s\n", 
-	       (int)strlen(vname),vname));
+	       vname_len,vname));
       break;
+    }
     case SMB_QUERY_FS_SIZE_INFO:
     {
       SMB_BIG_UINT dfree,dsize,bsize;
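Review bot: The write limit passed to the conversion is still `sizeof(pstring)` rather than the space left in the reply buffer, both at `dos_PutUniCode(pdata+18, ..., sizeof(pstring), False)` here and at `dos_PutUniCode(pdata + 4, ..., sizeof(pstring), False)` in the short_name hunk at -1466. The allocation of pdata is outside these hunks, so it should be confirmed that it holds at least 18 + sizeof(pstring) bytes, or the limit should be derived from the buffer's actual size minus the offset. The fix also relies on dos_PutUniCode returning the number of bytes written with no terminator counted when the last argument is False; if that is confirmed, a comment at the call such as `/* returns bytes of UCS-2 written, terminator not included */` would make the contract visible next to `SIVAL(pdata,12,vname_len)`. The `DEBUG(5, ...)` line now prints that byte count under the label `namelen` in the Unicode branch and the character count in the ASCII branch, which may mislead when reading logs. The case bodies in both hunks continue outside the lines shown.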
@@ -1466,10 +1469,9 @@
             *short_name = '\0';
         }
         strupper(short_name);
-        l = strlen(short_name);
-        dos_PutUniCode(pdata + 4, unix_to_dos(short_name,False),sizeof(pstring), False);
-        data_size = 4 + (2*l);
-        SIVAL(pdata,0,2*l);
+        l = dos_PutUniCode(pdata + 4, unix_to_dos(short_name,False),sizeof(pstring), False);
+        data_size = 4 + l;
+        SIVAL(pdata,0,l);
       }
       break;
 
Hiroshi Miura  --- http://www.momokuri.org/  http://www.Hokkaid.org/
http://lkh.linux.or.jp/  http://www.samba.gr.jp/ http://alsa.linux.or.jp/ 
http://www.blue.gr.jp/  TLUG, TLUC-Kanto, YLUG-Diet, CLUG, Palm<->Linux
Powered by Tankiyo, Danke, SuiSui, Kisuke, SterBucks, DE STEIL


 



