
[SCM] Samba Shared Repository - branch master updated

Subject: [SCM] Samba Shared Repository - branch master updated
From: Stefan Metzmacher
Date: Fri, 29 Jan 2010 09:03:15 -0600 CST
The branch, master has been updated
       via  6442b0f... libcli/nbt: fix off-by-one bug in 
ndr_pull_wrepl_nbt_name()
       via  c50a17c... libcli/nbt: fix ndr_pull/push_wrepl_nbt_name()
      from  a20b43f... s3: link thread objects in libsmbclient only and adjust 
linker flags

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6442b0fcc1931c9b41dd66b3450a216f673d4fe2
Author: Stefan Metzmacher <metze@xxxxxxxxx>
Date:   Thu Jan 28 18:58:23 2010 +0100

    libcli/nbt: fix off-by-one bug in ndr_pull_wrepl_nbt_name()
    
    The scope starts at byte 17 with index 16.
    
    metze

commit c50a17cc8d6bc23f03c3d44ceccebce06417ba21
Author: Stefan Metzmacher <metze@xxxxxxxxx>
Date:   Thu Jan 28 18:52:46 2010 +0100

    libcli/nbt: fix ndr_pull/push_wrepl_nbt_name()
    
    [MS-WINSRA] — v20091104 was wrong
    regarding section "2.2.10.1 Name Record"
    
    If the name buffer is already 4 byte aligned
    Windows (at least 2003 SP1 and 2008) add 4 extra
    bytes. This can happen when the name has a scope.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 libcli/nbt/nbtname.c |   29 +++++++++++++++++++++++++++--
 1 files changed, 27 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/nbt/nbtname.c b/libcli/nbt/nbtname.c
index 338cb21..792b340 100644
--- a/libcli/nbt/nbtname.c
+++ b/libcli/nbt/nbtname.c
@@ -517,6 +517,19 @@ _PUBLIC_ enum ndr_err_code ndr_pull_wrepl_nbt_name(struct 
ndr_pull *ndr, int ndr
        NDR_PULL_ALLOC_N(ndr, namebuf, namebuf_len);
        NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));
 
+       if ((namebuf_len % 4) == 0) {
+               /*
+                * [MS-WINSRA] â?? v20091104 was wrong
+                * regarding section "2.2.10.1 Name Record"
+                *
+                * If the name buffer is already 4 byte aligned
+                * Windows (at least 2003 SP1 and 2008) add 4 extra
+                * bytes. This can happen when the name has a scope.
+                */
+               uint32_t pad;
+               NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &pad));
+       }
+
        NDR_PULL_ALLOC(ndr, r);
 
        /* oh wow, what a nasty bug in windows ... */
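Review bot: The padding word pulled into `pad` at the end of the new block is read and then discarded, so whatever value the peer puts there is accepted silently, while the matching push side later in this diff writes zeros with `ndr_push_zero(ndr, 4)`. Since the stated goal is interoperability with Windows, tolerating a non-zero pad is presumably deliberate, but the comment should say so; e.g. after the declaration add `/* value is ignored: Windows sends zeros here, but nothing else is rejected */`. It is also worth confirming that a namebuf_len of 0 is rejected before this point, because `(0 % 4) == 0` would otherwise consume four extra bytes for an empty name; ndr_pull_wrepl_nbt_name begins outside the hunk.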
@@ -545,8 +558,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_wrepl_nbt_name(struct 
ndr_pull *ndr, int ndr
        r->name = talloc_strdup(r, (char *)namebuf);
        if (!r->name) return ndr_pull_error(ndr, NDR_ERR_ALLOC, "out of 
memory");
 
-       if (namebuf_len > 18) {
-               r->scope = talloc_strndup(r, (char *)(namebuf+17), 
namebuf_len-17);
+       if (namebuf_len > 17) {
+               r->scope = talloc_strndup(r, (char *)(namebuf+16), 
namebuf_len-17);
                if (!r->scope) return ndr_pull_error(ndr, NDR_ERR_ALLOC, "out 
of memory");
        } else {
                r->scope = NULL;
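Review bot: The corrected offsets on the `namebuf+16` / `namebuf_len-17` lines only agree if the last byte of namebuf is a terminator that is not part of the scope — talloc_strndup copies indices 16..namebuf_len-2 — and nothing in the hunk states that assumption. A comment on the condition would stop the next reader from "re-fixing" it: `/* namebuf[0..15] is the name; the scope starts at index 16 and the final byte is the terminator, so the scope is namebuf_len-17 bytes long */`. The terminator assumption should be checked against the length validation earlier in ndr_pull_wrepl_nbt_name, which starts outside this hunk.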
@@ -615,6 +628,18 @@ _PUBLIC_ enum ndr_err_code ndr_push_wrepl_nbt_name(struct 
ndr_push *ndr, int ndr
        NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, namebuf_len));
        NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));
 
+       if ((namebuf_len % 4) == 0) {
+               /*
+                * [MS-WINSRA] â?? v20091104 was wrong
+                * regarding section "2.2.10.1 Name Record"
+                *
+                * If the name buffer is already 4 byte aligned
+                * Windows (at least 2003 SP1 and 2008) add 4 extra
+                * bytes. This can happen when the name has a scope.
+                */
+               NDR_CHECK(ndr_push_zero(ndr, 4));
+       }
+
        talloc_free(namebuf);
        return NDR_ERR_SUCCESS;
 }
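Review bot: The alignment rule `(namebuf_len % 4) == 0` and its nine-line rationale comment appear verbatim here and in the pull-side hunk at the top of the diff, so the two copies will drift the first time one of them is revised. A small static helper or one-line macro taking namebuf_len, defined once above both functions and carrying the [MS-WINSRA] comment, would tie ndr_pull_wrepl_nbt_name and ndr_push_wrepl_nbt_name to a single definition of "needs padding". That shared comment is also the natural place to record that the push side emits zeros while the pull side accepts any pad value.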


-- 
Samba Shared Repository
