Author: jra
Date: 2006-02-21 03:09:03 +0000 (Tue, 21 Feb 2006)
New Revision: 13586

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13586

Log:
Sorry Gunther, had to revert this. It's got a buffer
overrun. Spoke to Jerry about the correct fix. Will add
this after.
Jeremy.

Modified:
   trunk/source/include/authdata.h
   trunk/source/libads/authdata.c
   trunk/source/rpc_parse/parse_prs.c


Changeset:
Modified: trunk/source/include/authdata.h
===================================================================
--- trunk/source/include/authdata.h     2006-02-21 03:08:42 UTC (rev 13585)
+++ trunk/source/include/authdata.h     2006-02-21 03:09:03 UTC (rev 13586)
@@ -42,7 +42,7 @@
 typedef struct pac_logon_name {
        NTTIME logon_time;
        uint16 len;
-       fstring username;
+       uint16 *username; /* might not be null terminated, so not UNISTR */
 } PAC_LOGON_NAME;
 
 typedef struct pac_signature_data {

Modified: trunk/source/libads/authdata.c
===================================================================
--- trunk/source/libads/authdata.c      2006-02-21 03:08:42 UTC (rev 13585)
+++ trunk/source/libads/authdata.c      2006-02-21 03:09:03 UTC (rev 13586)
@@ -42,7 +42,16 @@
        if (!prs_uint16("len", ps, depth, &logon_name->len))
                return False;
 
-       if (!prs_string_len("name", ps, depth, logon_name->username, 
logon_name->len))
+       if (UNMARSHALLING(ps) && logon_name->len) {
+               logon_name->username = PRS_ALLOC_MEM(ps, uint16, 
logon_name->len);
+               if (!logon_name->username) {
+                       DEBUG(3, ("No memory available\n"));
+                       return False;
+               }
+       }
+
+       if (!prs_uint16s(True, "name", ps, depth, logon_name->username, 
+                        (logon_name->len / sizeof(uint16))))
                return False;
 
        return True;
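Review bot: The allocation and the read disagree on what `logon_name->len` counts: `PRS_ALLOC_MEM(ps, uint16, logon_name->len)` treats it as a number of uint16 elements, while `prs_uint16s` reads `logon_name->len / sizeof(uint16)` elements. The field therefore appears to be a byte length, and the buffer is twice the size the read needs. That is not an overrun, but if the spare space is what terminates the name for later readers, a comment should say so, e.g. `/* len is a byte count; the extra space keeps the name terminated */`. The division also silently drops the last byte of an odd `len` read from the wire, and `username` is never assigned when `len` is 0 on unmarshalling. It would be safer to reject odd lengths and set `logon_name->username = NULL` explicitly in that case. The enclosing function begins outside the hunk.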
@@ -882,9 +891,8 @@
                nt_status = NT_STATUS_INVALID_PARAMETER;
                goto out;
        }
+       rpcstr_pull(username, logon_name->username, sizeof(username), -1, 
STR_TERMINATE);
 
-       rpcstr_pull(username, logon_name->username, sizeof(username), 
logon_name->len, 0);
-
        ret = smb_krb5_parse_name_norealm(context, username, 
&client_principal_pac);
        if (ret) {
                DEBUG(2,("decode_pac_data: Could not parse name from incoming 
PAC: [%s]: %s\n", 
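Review bot: The added `rpcstr_pull` call passes `-1` with `STR_TERMINATE`, so how much of `logon_name->username` is read depends on finding a terminator in the source. The struct comment in authdata.h says the name might not be null terminated. Whether a terminator is present depends on the parser's allocation being zero-filled and larger than the data, and neither is visible in this diff. Bounding the read by the parsed byte length removes that dependency: `rpcstr_pull(username, logon_name->username, sizeof(username), logon_name->len, 0);`, assuming rpcstr_pull still terminates the destination as it did for the removed call. A NULL check on `logon_name->username` before the call is also worth adding, since the parser does not assign it when `len` is 0. decode_pac_data starts and ends outside the hunk.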

Modified: trunk/source/rpc_parse/parse_prs.c
===================================================================
--- trunk/source/rpc_parse/parse_prs.c  2006-02-21 03:08:42 UTC (rev 13585)
+++ trunk/source/rpc_parse/parse_prs.c  2006-02-21 03:09:03 UTC (rev 13586)
@@ -1333,49 +1333,6 @@
 }
 
 /*******************************************************************
- Stream a null-terminated string of fixed len.
- ********************************************************************/
-
-BOOL prs_string_len(const char *name, prs_struct *ps, int depth, char *str, 
int len)
-{
-       char *q;
-       int i;
-       BOOL charmode = True;
-
-       q = prs_mem_get(ps, len+1);
-       if (q == NULL)
-               return False;
-
-       for(i = 0; i < len; i++) {
-               if (UNMARSHALLING(ps))
-                       str[i] = q[i];
-               else
-                       q[i] = str[i];
-       }
-
-       /* The terminating null. */
-       str[i] = '\0';
-
-       if (MARSHALLING(ps)) {
-               q[i] = '\0';
-       }
-
-       ps->data_offset += len+1;
-       
-       DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
-       if (charmode) {
-               print_asc(5, (unsigned char*)str, len);
-       } else {
-               for (i = 0; i < len; i++)
-                       DEBUG(5,("%04x ", str[i]));
-       }
-       DEBUG(5,("\n"));
-
-       return True;
-}
-
-
-/*******************************************************************
  prs_uint16 wrapper. Call this and it sets up a pointer to where the
  uint16 should be stored, or gets the size if reading.
  ********************************************************************/
