off-by-one error in RNetShareEnum
Andrew Bartlett
abartlet at samba.org
Mon Oct 7 07:29:00 GMT 2002
Steve Langasek wrote:
>
> The attached patch fixes an annoying, but not dangerous, off-by-one
> error in the RNetShareEnum in smbd/lanman.c. push_ascii() already takes
> into account the null termination, so subtracting one from the size of
> the destination buffer leaves us one byte short for the full string.
> Although the truncation doesn't seem to matter much for the clients I've
> tested with, applying this patch certainly eliminates a lot of noise
> from the logfiles.

Generally considered 'a good thing' :-)

> Also, any time I give a password longer than 14 characters to smbclient,
> I get the same warning about truncated strings:
>
> convert_string: Required 28, available 15
>
> This is due to the usage of push_ascii() in
> libsmb/smbencrypt.c:E_deshash(). Since the return value of push_ascii()
> is discarded, I assume the error is also not fatal; so it seems to me
> that before 3.0 is released, this debug statement ought to be reduced in
> severity.

I'll fix this one up. We should probably push into an fstring, then
copy the first 14 chars. I think the LM hash is meant to be truncated
at 14, not null terminated, but I'll double-check.

Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
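
The two points raised in this message, as an added C example that is not part of the original thread and is not Samba's code: `bounded_push` is a hypothetical stand-in for a copy routine that already reserves the terminator byte, and the 13-byte field, the 256-byte scratch buffer and the sample strings are constructed. It shows a caller-side `size - 1` truncating one character early, and a 14-byte field filled by truncation with no terminator stored.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a terminator-aware bounded copy (not Samba's
 * push_ascii): dest_len is the full size of dest and the last byte is
 * reserved for the NUL. Returns characters stored, excluding the NUL. */
static size_t bounded_push(char *dest, const char *src, size_t dest_len)
{
    size_t n = strlen(src);
    if (dest_len == 0)
        return 0;
    if (n > dest_len - 1)
        n = dest_len - 1;   /* truncate, leaving room for the NUL */
    memcpy(dest, src, n);
    dest[n] = '\0';
    return n;
}

/* Off-by-one caller: subtracts one although the callee already does. */
static size_t copy_off_by_one(char *field, size_t size, const char *src)
{
    return size ? bounded_push(field, src, size - 1) : 0;
}
/* Corrected caller: passes the real size of the destination. */
static size_t copy_fixed(char *field, size_t size, const char *src)
{
    return bounded_push(field, src, size);
}

/* Fixed-width 14-byte field: convert into a scratch buffer, then copy at
 * most 14 bytes; the field is zero padded and carries no terminator. */
static void fill_fixed14(unsigned char out[14], const char *password)
{
    char scratch[256];
    size_t n = bounded_push(scratch, password, sizeof(scratch));
    memset(out, 0, 14);
    memcpy(out, scratch, n < 14 ? n : 14);
}

int main(void)
{
    char field[13];          /* constructed size: 12 characters + NUL */
    unsigned char p14[14];
    size_t bad = copy_off_by_one(field, sizeof(field), "TWELVE_CHARS");
    size_t ok = copy_fixed(field, sizeof(field), "TWELVE_CHARS");
    fill_fixed14(p14, "a-password-longer-than-14");
    printf("off-by-one: %zu, fixed: %zu, p14: %.14s\n", bad, ok, (const char *)p14);
    return 0;
}
```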