mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
convert_string_talloc_handle() tries to play an the safe side
and always returns a null terminated array.
But for NDR we need to be correct on the wire...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 43648e95a5
)
This commit is contained in:
parent
9be924f907
commit
7734584c4f
@ -236,7 +236,10 @@ _PUBLIC_ enum ndr_err_code ndr_push_string(struct ndr_push *ndr, int ndr_flags,
|
||||
s_len++;
|
||||
}
|
||||
|
||||
if (!do_convert) {
|
||||
if (s_len == 0) {
|
||||
d_len = 0;
|
||||
dest = (uint8_t *)talloc_strdup(ndr, "");
|
||||
} else if (!do_convert) {
|
||||
d_len = s_len;
|
||||
dest = (uint8_t *)talloc_strndup(ndr, s, s_len);
|
||||
} else if (!convert_string_talloc(ndr, CH_UNIX, chset, s, s_len,
|
||||
|
1
selftest/knownfail.d/blackbox.ndrdump
Normal file
1
selftest/knownfail.d/blackbox.ndrdump
Normal file
@ -0,0 +1 @@
|
||||
^samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE
|
@ -1,2 +0,0 @@
|
||||
^samba4.local.ndr.ndr_string.ndr_string
|
||||
^samba4.local.ndr.system.iconv.ndr_string.ndr_string
|
Loading…
Reference in New Issue
Block a user