1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00
Jeremy Allison 1876b5a7e3 Fix a really interesting problem found by Volker's conversion of sessionsetup SPNEGO to asynchronous code.
Normally clistr_push_fn() can depend upon cli->outbuf being
initialized by negprot and sessionsetup packets, and cli->outbuf[smb_flgs2] being
correctly set with FLAGS2_UNICODE_STRINGS when cli_setup_packet() is called. When
all the sessionsetups are async, then cli_setup_packet() is never called, the async
code uses cli_setup_packet_buf() - which initializes the allocated async buffer,
not the cli->outbuf one. So the first time clistr_push_fn() is called is from
libsmb/clidfs.c:cli_dfs_get_referral(), just after the connection and tconX.
In this case cli->outbuf has never been initialized, and cli->outbuf[smb_flgs2] = 0
so the DFS query pushes ASCII on the wire, which is not what we want :-).

Remove the dependency on cli->outbuf[smb_flgs2] in clistr_push_fn(), and
fake up a SVAL(cli->outbuf, smb_flg2) value using cli_ucs2(cli) function
instead, which has been initialized. We only care about the FLAGS2_UNICODE_STRINGS
bit anyway.

I don't think this is an issue for 3.5.0 as the sessionsetup is still
synchronous there, but Volker PLEASE CHECK !

Jeremy.
2010-01-29 16:41:53 -08:00

97 lines
2.6 KiB
C

/*
Unix SMB/CIFS implementation.
client string routines
Copyright (C) Andrew Tridgell 2001
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
size_t clistr_push_fn(const char *function,
unsigned int line,
struct cli_state *cli,
void *dest,
const char *src,
int dest_len,
int flags)
{
size_t buf_used = PTR_DIFF(dest, cli->outbuf);
if (dest_len == -1) {
if (((ptrdiff_t)dest < (ptrdiff_t)cli->outbuf) || (buf_used > cli->bufsize)) {
DEBUG(0, ("Pushing string of 'unlimited' length into non-SMB buffer!\n"));
return push_string_base(function, line,
cli->outbuf,
(uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0),
dest, src, -1, flags);
}
return push_string_base(function, line,
cli->outbuf,
(uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0),
dest, src, cli->bufsize - buf_used,
flags);
}
/* 'normal' push into size-specified buffer */
return push_string_base(function, line,
cli->outbuf,
(uint16_t)(cli_ucs2(cli) ? FLAGS2_UNICODE_STRINGS : 0),
dest, src, dest_len, flags);
}
size_t clistr_pull_fn(const char *function,
unsigned int line,
const char *inbuf,
char *dest,
const void *src,
int dest_len,
int src_len,
int flags)
{
return pull_string_fn(function, line, inbuf,
SVAL(inbuf, smb_flg2), dest, src, dest_len,
src_len, flags);
}
size_t clistr_pull_talloc_fn(const char *function,
unsigned int line,
TALLOC_CTX *ctx,
const char *inbuf,
char **pp_dest,
const void *src,
int src_len,
int flags)
{
return pull_string_talloc_fn(function,
line,
ctx,
inbuf,
SVAL(inbuf, smb_flg2),
pp_dest,
src,
src_len,
flags);
}
size_t clistr_align_out(struct cli_state *cli, const void *p, int flags)
{
return align_string(cli->outbuf, (const char *)p, flags);
}
size_t clistr_align_in(struct cli_state *cli, const void *p, int flags)
{
return align_string(cli->inbuf, (const char *)p, flags);
}