librpc/ndr: Use converted_size to determine if NULL termination was sent
authorAndrew Bartlett <abartlet@samba.org>
Tue, 31 May 2011 10:21:37 +0000 (20:21 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 31 May 2011 23:42:21 +0000 (01:42 +0200)
This is better than doing a strlen() on the string, as that heuristic
only worked for ASCII strings.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jun  1 01:42:22 CEST 2011 on sn-devel-104

librpc/ndr/ndr_string.c

index 207d55bb1b15ae902c0b24c576b8141251d50371..cf4d972072a5a80b5574efb244332c925bb09c03 100644 (file)
@@ -143,11 +143,17 @@ _PUBLIC_ enum ndr_err_code ndr_pull_string(struct ndr_pull *ndr, int ndr_flags,
        NDR_PULL_NEED_BYTES(ndr, conv_src_len * byte_mul);
        if (conv_src_len == 0) {
                as = talloc_strdup(ndr->current_mem_ctx, "");
+               converted_size = 0;
        } else {
                if (!do_convert) {
                        as = talloc_strndup(ndr->current_mem_ctx,
                                            ndr->data + ndr->offset,
                                            conv_src_len);
+                       if (!as) {
+                               return ndr_pull_error(ndr, NDR_ERR_ALLOC,
+                                                     "Failed to talloc_strndup() in RAW8 ndr_string_pull()");
+                       }
+                       converted_size = MIN(strlen(as)+1, conv_src_len);
                } else if (!convert_string_talloc(ndr->current_mem_ctx, chset,
                                           CH_UNIX, ndr->data + ndr->offset,
                                           conv_src_len * byte_mul,
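Review bot: The `talloc_strdup(ndr->current_mem_ctx, "")` result in the `conv_src_len == 0` branch is still unchecked, although this commit adds an NDR_ERR_ALLOC return for the `talloc_strndup()` branch directly below it. The `as &&` guards added in the second hunk keep the termination check from dereferencing a NULL `as`, but an allocation failure here would presumably continue into the code after the hunk instead of being reported. I would add the same pattern after the strdup: `if (!as) { return ndr_pull_error(ndr, NDR_ERR_ALLOC, "Failed to talloc_strdup() in ndr_pull_string()"); }`. The new error text also says `ndr_string_pull()` while the function named in the hunk header is `ndr_pull_string()`. The function body starts before and continues after this hunk.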
@@ -161,12 +167,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_string(struct ndr_pull *ndr, int ndr_flags,
        /* this is a way of detecting if a string is sent with the wrong
           termination */
        if (ndr->flags & LIBNDR_FLAG_STR_NOTERM) {
-               if (strlen(as) < conv_src_len) {
-                       DEBUG(6,("short string '%s'\n", as));
+               if (as && converted_size > 0 && as[converted_size-1] == '\0') {
+                       DEBUG(6,("short string '%s', sent with NULL termination despite NOTERM flag in IDL\n", as));
                }
        } else {
-               if (strlen(as) == conv_src_len) {
-                       DEBUG(6,("long string '%s'\n", as));
+               if (as && converted_size > 0 && as[converted_size-1] != '\0') {
+                       DEBUG(6,("long string '%s', send without NULL termination (which was expected)\n", as));
                }
        }
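Review bot: On the RAW8 (`!do_convert`) path, the `as[converted_size-1]` test looks at the first NUL in the wire bytes, not at the last byte sent. This is because the first hunk sets `converted_size = MIN(strlen(as)+1, conv_src_len)` and `talloc_strndup()` stops copying at the first NUL. A buffer with an embedded NUL followed by more bytes is therefore treated as properly terminated, and the trailing bytes are dropped without any diagnostic. That is worth stating next to the check, for example `/* RAW8: converted_size ends at the first NUL, bytes after an embedded NUL are not examined */`. If such input should be visible in logs, an additional `converted_size < conv_src_len` debug line on that path would show it. The log text could also read `sent without NUL termination` instead of `send without NULL termination`. The function continues after this hunk.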