[PATCH] s4:dsdb/common: samdb_result_parameters: fix bug in ldb_val to lsa_BinaryString conversation

Andrew Bartlett abartlet at samba.org
Mon Jun 2 15:48:48 MDT 2014 

On Tue, 2014-05-27 at 06:37 +0200, Stefan Gohmann wrote:
> Hi Karmen,
> 
> Am 27.05.2014 03:24, schrieb Kamen Mazdrashki:
> > Hi Stefan,
> > 
> > 
> > On Mon, May 26, 2014 at 11:03 PM, Stefan Gohmann <gohmann at univention.de
> > <mailto:gohmann at univention.de>> wrote:
> > 
> >     Hi Matthias,
> > 
> >     Am 26.05.2014 14 <tel:26.05.2014%2014>:09, schrieb Matthias Dieter
> >     Wallnöfer:
> >     > Hi Stefan,
> >     >
> >     > it seems that no other one responded. I think that this is rather a
> >     > problem with the "userParameters" attribute which we still do not
> >     parse
> >     > correctly I think.
> > 
> >     thanks. I've re-checked this issue.
> > 
> >     In my case the userParameters attribute is 105 bytes long. I think the
> >     problem is that the length is odd and so there is one byte missing.
> > 
> >     I was able to reproduce this issue while setting userParameters for a
> >     user to the following value:
> > 
> >     userParameters::
> >     Q3R4Q2ZnUHJlc2VudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUAIaCAFDdHhDZmdQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44Gm44Cy44C5
> > 
> >     and run
> >       net user /domain username
> >     from a Windows client.
> > 
> >     Attached you'll find an updated patch which fixed the problem for me.
> > 
> > IMHO, the correct fix should be:
> > +s.array = talloc_array(mem_ctx, uint16_t, (val->length + 1) / 2);
> > so we don't allocate  an extra bytes in 'normal' scenario when length is
> > even.
> 
> you are right. Please find a new patch attached.

To be clear, I think this patch is wrong.  If userParameters is ODD,
then we need to return NT_STATUS_INTERNAL_DB_CORRUPTION, it can't be
represented with a UTF-16 wire string. 

(Then we need to dbcheck the database as described previously)

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list