[NTLMSSP] s3: Fix some valgrind errors

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Jun 22 03:17:24 MDT 2010

On Mon, Jun 21, 2010 at 11:06:30PM +1000, Andrew Bartlett wrote:
> Indeed, the problem here is actually quite subtle, and as you have
> noticed these structures cannot be parsed using the information on the
> wire alone - the previous state of the negotiation is required to
> understand the format of the strings at the stage that the strings
> appear in the structure.
> The problem is that some of the pointers to strings appear before the
> NegotiateFlags that we want to use to know if they are ASCII or
> Unicode. 
> We actually parse the strings later - but by then we have acted on the
> yet to be parsed values.
> Your fix is correct (but a comment explaining this would be good) - to
> know in the handling of the Authenticate packet the agreed state of the
> negotiation, from the Negotiate and Challenge packets, and therefore not
> need to read the wire flags too early.  An additional 'belts and braces'
> would be to assert that the final flags are equal (at least for the
> Unicode) bit, but no real client uses ASCII here anyway. 

Thanks for looking. I was not sure I caught the right flags
variable to initialize r->NegotiateFlags with.

> I'm sorry I didn't write about this to the list before, as I came across
> this when ensuring s3compat was valgrind clean.  (I think I just
> mentioned it to gd).  

I've seen those valgrind errors a lot myself, and I remember
you mentioning it on irc. But it was not until yesterday
night that I said "screw it, I want to understand this" :-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100622/0be8fd83/attachment.pgp>

More information about the samba-technical mailing list