r13585: Sorry Gunther, had to revert this. It's got a buffer

overrun. Spoke to Jerry about the correct fix. Will add
this after.
Jeremy.

diff --git a/source/include/authdata.h b/source/include/authdata.h
index 7e047687b7da7911cf25c8204f6de09b3b9efe40..194429ab673c446c19d261dfb7b6e962f95ebc20 100644 (file)
--- a/source/include/authdata.h
+++ b/source/include/authdata.h
@@ -42,7 +42,7 @@
 typedef struct pac_logon_name {
        NTTIME logon_time;
        uint16 len;
-       fstring username;
+       uint16 *username; /* might not be null terminated, so not UNISTR */
 } PAC_LOGON_NAME;
 
 typedef struct pac_signature_data {

diff --git a/source/libads/authdata.c b/source/libads/authdata.c
index bb4236c4fcdae500be96309dff36b5751c529714..55e736ce6aec058bad6c6a8a1c50edfc0493f607 100644 (file)
--- a/source/libads/authdata.c
+++ b/source/libads/authdata.c
@@ -42,7 +42,16 @@ static BOOL pac_io_logon_name(const char *desc, PAC_LOGON_NAME *logon_name,
        if (!prs_uint16("len", ps, depth, &logon_name->len))
                return False;
 
-       if (!prs_string_len("name", ps, depth, logon_name->username, logon_name->len))
+       if (UNMARSHALLING(ps) && logon_name->len) {
+               logon_name->username = PRS_ALLOC_MEM(ps, uint16, logon_name->len);
+               if (!logon_name->username) {
+                       DEBUG(3, ("No memory available\n"));
+                       return False;
+               }
+       }
+
+       if (!prs_uint16s(True, "name", ps, depth, logon_name->username, 
+                        (logon_name->len / sizeof(uint16))))
                return False;
 
        return True;
@@ -882,8 +891,7 @@ static void dump_pac_logon_info(PAC_LOGON_INFO *logon_info) {
                nt_status = NT_STATUS_INVALID_PARAMETER;
                goto out;
        }
-
-       rpcstr_pull(username, logon_name->username, sizeof(username), logon_name->len, 0);
+       rpcstr_pull(username, logon_name->username, sizeof(username), -1, STR_TERMINATE);
 
        ret = smb_krb5_parse_name_norealm(context, username, &client_principal_pac);
        if (ret) {

diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c
index 857a24cf0e0b2405abde9912d6b5e84c0b2a2de6..c4f9f512ab72b6cce951f4ced13fbb176ca574fc 100644 (file)
--- a/source/rpc_parse/parse_prs.c
+++ b/source/rpc_parse/parse_prs.c
@@ -1332,49 +1332,6 @@ BOOL prs_string_alloc(const char *name, prs_struct *ps, int depth, const char **
        return True;
 }
 
-/*******************************************************************
- Stream a null-terminated string of fixed len.
- ********************************************************************/
-
-BOOL prs_string_len(const char *name, prs_struct *ps, int depth, char *str, int len)
-{
-       char *q;
-       int i;
-       BOOL charmode = True;
-
-       q = prs_mem_get(ps, len+1);
-       if (q == NULL)
-               return False;
-
-       for(i = 0; i < len; i++) {
-               if (UNMARSHALLING(ps))
-                       str[i] = q[i];
-               else
-                       q[i] = str[i];
-       }
-
-       /* The terminating null. */
-       str[i] = '\0';
-
-       if (MARSHALLING(ps)) {
-               q[i] = '\0';
-       }
-
-       ps->data_offset += len+1;
-       
-       DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
-       if (charmode) {
-               print_asc(5, (unsigned char*)str, len);
-       } else {
-               for (i = 0; i < len; i++)
-                       DEBUG(5,("%04x ", str[i]));
-       }
-       DEBUG(5,("\n"));
-
-       return True;
-}
-
-
 /*******************************************************************
  prs_uint16 wrapper. Call this and it sets up a pointer to where the
  uint16 should be stored, or gets the size if reading.