From 0504d696f811399ba550be90d9e99be062c78327 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 20 Dec 1998 00:37:24 +0000 Subject: [PATCH] fix for potential lsass.exe crashing due to negative response from LsaLookupNames being incorrect. this is a bit wierd: why would the lsass.exe on the nt _client_ crash due to an LsaLookupNames response from a samba _server_? (This used to be commit a15a3f95f2a14ab164ca758e2145444a803190b2) --- source3/include/rpc_lsa.h | 2 +- source3/lsarpcd/srv_lsa.c | 2 +- source3/rpc_parse/parse_lsa.c | 50 +++++++++++++++++++---------------- source3/rpc_server/srv_lsa.c | 2 +- 4 files changed, 30 insertions(+), 26 deletions(-) diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h index 1df18a7674d..fd604235662 100644 --- a/source3/include/rpc_lsa.h +++ b/source3/include/rpc_lsa.h @@ -218,7 +218,7 @@ typedef struct dom_ref_info { uint32 undoc_buffer; /* undocumented buffer pointer. */ uint32 num_ref_doms_1; /* num referenced domains */ - uint32 undoc_buffer2; /* undocumented domain name buffer pointer. */ + uint32 ptr_ref_dom; /* pointer to referenced domains */ uint32 max_entries; /* 32 - max number of entries */ uint32 num_ref_doms_2; /* num referenced domains */ diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c index 5f4f9fb929d..4db97f6d4c0 100644 --- a/source3/lsarpcd/srv_lsa.c +++ b/source3/lsarpcd/srv_lsa.c @@ -177,7 +177,7 @@ static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) ref->undoc_buffer = 1; ref->num_ref_doms_1 = num+1; - ref->undoc_buffer2 = 1; + ref->ptr_ref_dom = 1; ref->max_entries = MAX_REF_DOMAINS; ref->num_ref_doms_2 = num+1; diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index 0b294b84f33..239c0847afd 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -73,40 +73,44 @@ static void lsa_io_dom_r_ref(char *desc, DOM_R_REF *r_r, prs_struct *ps, int de prs_uint32("undoc_buffer ", ps, depth, &(r_r->undoc_buffer )); /* undocumented buffer pointer. */ prs_uint32("num_ref_doms_1", ps, depth, &(r_r->num_ref_doms_1)); /* num referenced domains? */ - prs_uint32("undoc_buffer2 ", ps, depth, &(r_r->undoc_buffer2 )); /* undocumented buffer pointer. */ + prs_uint32("ptr_ref_dom ", ps, depth, &(r_r->ptr_ref_dom )); /* undocumented buffer pointer. */ prs_uint32("max_entries ", ps, depth, &(r_r->max_entries )); /* 32 - max number of entries */ - prs_uint32("num_ref_doms_2", ps, depth, &(r_r->num_ref_doms_2)); /* 4 - num referenced domains? */ SMB_ASSERT_ARRAY(r_r->hdr_ref_dom, r_r->num_ref_doms_1); - SMB_ASSERT_ARRAY(r_r->ref_dom, r_r->num_ref_doms_2); - for (i = 0; i < r_r->num_ref_doms_1; i++) + if (r_r->ptr_ref_dom != 0) { - fstring t; + prs_uint32("num_ref_doms_2", ps, depth, &(r_r->num_ref_doms_2)); /* 4 - num referenced domains? */ + SMB_ASSERT_ARRAY(r_r->ref_dom, r_r->num_ref_doms_2); - slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i); - smb_io_unihdr(t, &(r_r->hdr_ref_dom[i].hdr_dom_name), ps, depth); - - slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i); - prs_uint32(t, ps, depth, &(r_r->hdr_ref_dom[i].ptr_dom_sid)); - } - - for (i = 0, n = 0, s = 0; i < r_r->num_ref_doms_2; i++) - { - fstring t; - - if (r_r->hdr_ref_dom[i].hdr_dom_name.buffer != 0) + for (i = 0; i < r_r->num_ref_doms_1; i++) { + fstring t; + slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i); - smb_io_unistr2(t, &(r_r->ref_dom[n].uni_dom_name), True, ps, depth); /* domain name unicode string */ - n++; + smb_io_unihdr(t, &(r_r->hdr_ref_dom[i].hdr_dom_name), ps, depth); + + slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i); + prs_uint32(t, ps, depth, &(r_r->hdr_ref_dom[i].ptr_dom_sid)); } - if (r_r->hdr_ref_dom[i].ptr_dom_sid != 0) + for (i = 0, n = 0, s = 0; i < r_r->num_ref_doms_2; i++) { - slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i); - smb_io_dom_sid2("", &(r_r->ref_dom[s].ref_dom), ps, depth); /* referenced domain SIDs */ - s++; + fstring t; + + if (r_r->hdr_ref_dom[i].hdr_dom_name.buffer != 0) + { + slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i); + smb_io_unistr2(t, &(r_r->ref_dom[n].uni_dom_name), True, ps, depth); /* domain name unicode string */ + n++; + } + + if (r_r->hdr_ref_dom[i].ptr_dom_sid != 0) + { + slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i); + smb_io_dom_sid2("", &(r_r->ref_dom[s].ref_dom), ps, depth); /* referenced domain SIDs */ + s++; + } } } } diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 5f4f9fb929d..4db97f6d4c0 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -177,7 +177,7 @@ static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) ref->undoc_buffer = 1; ref->num_ref_doms_1 = num+1; - ref->undoc_buffer2 = 1; + ref->ptr_ref_dom = 1; ref->max_entries = MAX_REF_DOMAINS; ref->num_ref_doms_2 = num+1;