mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

changed the definition of dos_PutUniCode

the previous definition could result in us overflowing a buffer. The
null termination was always added yet the size returned did not
include the null termination.

the new function takes a BOOL null_terminate, and always returns the
total number of bytes consumed by the string.
(This used to be commit 426c904333)
Andrew Tridgell 2000-03-27 12:38:45 +00:00
parent 6570b48d73
commit 18bc76a0c6
5 changed files with 19 additions and 20 deletions


@ -477,7 +477,7 @@ char *string_truncate(char *s, int length);
/*The following definitions come from lib/util_unistr.c */ /*The following definitions come from lib/util_unistr.c */
int dos_PutUniCode(char *dst,const char *src, ssize_t len); int dos_PutUniCode(char *dst,const char *src, ssize_t len, BOOL null_terminate);
void ascii_to_unistr(uint16 *dest, const char *src, int maxlen); void ascii_to_unistr(uint16 *dest, const char *src, int maxlen);
void unistr_to_ascii(char *dest, const uint16 *src, int len); void unistr_to_ascii(char *dest, const uint16 *src, int len);
char *skip_unicode_string(char *buf,int n); char *skip_unicode_string(char *buf,int n);


@ -46,11 +46,13 @@ static uint16 *ucs2_to_unixcp;
the current DOS codepage. len is the length in bytes of the the current DOS codepage. len is the length in bytes of the
string pointed to by dst. string pointed to by dst.
the return value is the length of the string *without* the trailing if null_terminate is True then null terminate the packet (adds 2 bytes)
two bytes of zero
the return value is the length consumed by the string, including the
null termination if applied
********************************************************************/ ********************************************************************/
int dos_PutUniCode(char *dst,const char *src, ssize_t len) int dos_PutUniCode(char *dst,const char *src, ssize_t len, BOOL null_terminate)
{ {
int ret = 0; int ret = 0;
while (*src && (len > 2)) { while (*src && (len > 2)) {
@ -74,7 +76,10 @@ int dos_PutUniCode(char *dst,const char *src, ssize_t len)
else else
src++; src++;
} }
if (null_terminate) {
SSVAL(dst,ret,0); SSVAL(dst,ret,0);
ret += 2;
}
return(ret); return(ret);
} }
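Review bot: The two-byte store in the new `if (null_terminate)` branch is not checked against `len`. The loop condition `len > 2` only leaves room for the terminator when `len` was at least 2 and even on entry; with a `len` of 0, 1, a negative `ssize_t`, or an odd value, `SSVAL(dst,ret,0)` can still write past the space the caller offered. This assumes `len` drops by 2 per character in the part of the loop body that lies outside these hunks. A guard such as `if (null_terminate && len >= 2) {` would close it. The header comment should also state that `len` is the space available at `dst`, since the retained wording "length in bytes of the string pointed to by dst" is easy to misread.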


@ -759,8 +759,7 @@ BOOL lookup_pdc_name(const char *srcname, const char *domain, struct in_addr *pd
mailslot_name = bufp; mailslot_name = bufp;
bufp += (strlen(bufp) + 1); bufp += (strlen(bufp) + 1);
bufp = align2(bufp, buffer); bufp = align2(bufp, buffer);
dos_PutUniCode(bufp, srcname, sizeof(buffer) - (bufp - buffer) - 1); bufp += dos_PutUniCode(bufp, srcname, sizeof(buffer) - (bufp - buffer) - 1, True);
bufp = skip_unicode_string(bufp, 1);
SIVAL(bufp,0,1); SIVAL(bufp,0,1);
SSVAL(bufp,4,0xFFFF); SSVAL(bufp,4,0xFFFF);
SSVAL(bufp,6,0xFFFF); SSVAL(bufp,6,0xFFFF);
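Review bot: The bound passed to `dos_PutUniCode` is all the space left in `buffer` minus one, but the `SIVAL`/`SSVAL` lines directly after it store eight more bytes at `bufp` with no check in between. A long `srcname` can leave `bufp` within a byte of the end of `buffer`, and the fixed trailer then lands past it. Reserving the trailer in the bound keeps those stores inside, e.g. `sizeof(buffer) - (bufp - buffer) - 8`. The function begins and continues outside this hunk, so the declaration of `buffer` and any earlier length limit on `srcname` are not visible here.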


@ -159,11 +159,8 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
{ {
q = align2(q, buf); q = align2(q, buf);
dos_PutUniCode(q, my_name, sizeof(pstring)); /* PDC name */ q += dos_PutUniCode(q, my_name, sizeof(pstring), True); /* PDC name */
q = skip_unicode_string(q, 1); q += dos_PutUniCode(q, global_myworkgroup,sizeof(pstring), True); /* Domain name*/
dos_PutUniCode(q, global_myworkgroup,sizeof(pstring)); /* Domain name*/
q = skip_unicode_string(q, 1);
SIVAL(q, 0, ntversion); SIVAL(q, 0, ntversion);
SSVAL(q, 4, lmnttoken); SSVAL(q, 4, lmnttoken);
@ -239,12 +236,10 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
} }
q += 2; q += 2;
dos_PutUniCode(q, reply_name,sizeof(pstring)); q += dos_PutUniCode(q, reply_name,sizeof(pstring), True);
q = skip_unicode_string(q, 1);
unistrcpy(q, uniuser); unistrcpy(q, uniuser);
q = skip_unicode_string(q, 1); /* User name (workstation trust account) */ q = skip_unicode_string(q, 1); /* User name (workstation trust account) */
dos_PutUniCode(q, lp_workgroup(),sizeof(pstring)); q += dos_PutUniCode(q, lp_workgroup(),sizeof(pstring), True);
q = skip_unicode_string(q, 1); /* Domain name. */
SIVAL(q, 0, ntversion); SIVAL(q, 0, ntversion);
q += 4; q += 4;
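Review bot: All four `dos_PutUniCode` calls in these two hunks pass `sizeof(pstring)` as the available length, although `q` has already advanced into the reply buffer, so the bound never shrinks as fields are appended. The terminator and return value are fixed by this commit, but the length argument still does not describe the room left at `q`. Each call should pass the remaining space, in the form `sizeof(BUF) - (q - BUF)`, where BUF stands for the reply buffer whose declaration is outside the hunks. Whether the names involved can be long enough to matter cannot be confirmed from the visible lines.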


@ -1179,7 +1179,7 @@ static int call_trans2qfsinfo(connection_struct *conn,
#endif /* Old code. */ #endif /* Old code. */
SIVAL(pdata,4,128); /* Max filename component length */ SIVAL(pdata,4,128); /* Max filename component length */
fstype_len = dos_PutUniCode(pdata+12,unix_to_dos(fstype,False),sizeof(pstring)/2); fstype_len = dos_PutUniCode(pdata+12,unix_to_dos(fstype,False),sizeof(pstring), False);
SIVAL(pdata,8,fstype_len); SIVAL(pdata,8,fstype_len);
data_len = 12 + fstype_len; data_len = 12 + fstype_len;
SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2)|FLAGS2_UNICODE_STRINGS); SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2)|FLAGS2_UNICODE_STRINGS);
@ -1209,7 +1209,7 @@ static int call_trans2qfsinfo(connection_struct *conn,
} else { } else {
data_len = 18 + 2*strlen(vname); data_len = 18 + 2*strlen(vname);
SIVAL(pdata,12,strlen(vname)*2); SIVAL(pdata,12,strlen(vname)*2);
dos_PutUniCode(pdata+18,unix_to_dos(vname,False),sizeof(pstring)/2); dos_PutUniCode(pdata+18,unix_to_dos(vname,False),sizeof(pstring), False);
} }
DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol = %s\n", DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol = %s\n",
@ -1480,7 +1480,7 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
} }
strupper(short_name); strupper(short_name);
l = strlen(short_name); l = strlen(short_name);
dos_PutUniCode(pdata + 4, unix_to_dos(short_name,False),sizeof(pstring)*2); dos_PutUniCode(pdata + 4, unix_to_dos(short_name,False),sizeof(pstring), False);
data_size = 4 + (2*l); data_size = 4 + (2*l);
SIVAL(pdata,0,2*l); SIVAL(pdata,0,2*l);
} }
@ -1496,7 +1496,7 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
if(strequal(".", fname) && (global_client_caps & CAP_UNICODE)) { if(strequal(".", fname) && (global_client_caps & CAP_UNICODE)) {
l = l*2; l = l*2;
SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2)|FLAGS2_UNICODE_STRINGS); SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2)|FLAGS2_UNICODE_STRINGS);
dos_PutUniCode(pdata + 4, unix_to_dos("\\",False),sizeof(pstring)*2); dos_PutUniCode(pdata + 4, unix_to_dos("\\",False),sizeof(pstring), False);
} else { } else {
pstrcpy(pdata+4,fname); pstrcpy(pdata+4,fname);
} }
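Review bot: In the second and third hunks the lengths put on the wire are still computed from `strlen()` (`SIVAL(pdata,12,strlen(vname)*2)`, `data_size = 4 + (2*l)`) while the byte count that `dos_PutUniCode` now returns is discarded. If the conversion truncates, or consumes more than one source byte per output character (the `else src++` in the function suggests it can), the advertised length exceeds what was written and the reply may carry stale bytes from `pdata`. The first hunk already uses the return value for `fstype_len`; the others could follow it, e.g. `l = dos_PutUniCode(pdata + 4, unix_to_dos(short_name,False), sizeof(pstring), False);` followed by `data_size = 4 + l;`. Separately, `sizeof(pstring)` is not tied to the space left in `pdata`, whose allocation is outside these hunks.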