Fix bug #8005 - smbtorture4 BASE-TCONDEV fails when tested on Samba

When pulling non-aligned ucs2 strings, we neglected to add in the
pad byte to the buffer length we've eaten. This caused the device
string in TCONX (which seems to be one of the few places that uses
non-aligned ucs2 strings) to be incorrectly read.

Volker please check.

Jeremy.

diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index 6f1ced69d03630b8665ba99e9b6074e6df925c3c..5b2149b9c11e7598abb790a00d8b9e981db7d056 100644 (file)
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -1225,6 +1225,7 @@ bool push_utf8_talloc(TALLOC_CTX *ctx, char **dest, const char *src,
 size_t pull_ucs2(const void *base_ptr, char *dest, const void *src, size_t dest_len, size_t src_len, int flags)
 {
        size_t ret;
+       size_t ucs2_align_len = 0;
 
        if (dest_len == (size_t)-1) {
                /* No longer allow dest_len of -1. */
@@ -1242,6 +1243,7 @@ size_t pull_ucs2(const void *base_ptr, char *dest, const void *src, size_t dest_
                src = (const void *)((const char *)src + 1);
                if (src_len != (size_t)-1)
                        src_len--;
+               ucs2_align_len = 1;
        }
 
        if (flags & STR_TERMINATE) {
@@ -1277,7 +1279,7 @@ size_t pull_ucs2(const void *base_ptr, char *dest, const void *src, size_t dest_
                dest[0] = 0;
        }
 
-       return src_len;
+       return src_len + ucs2_align_len;
 }
 
 /**
@@ -1303,6 +1305,7 @@ size_t pull_ucs2_base_talloc(TALLOC_CTX *ctx,
 {
        char *dest;
        size_t dest_len;
+       size_t ucs2_align_len = 0;
 
        *ppdest = NULL;
 
@@ -1321,6 +1324,7 @@ size_t pull_ucs2_base_talloc(TALLOC_CTX *ctx,
                src = (const void *)((const char *)src + 1);
                if (src_len != (size_t)-1)
                        src_len--;
+               ucs2_align_len = 1;
        }
 
        if (flags & STR_TERMINATE) {
@@ -1386,7 +1390,7 @@ size_t pull_ucs2_base_talloc(TALLOC_CTX *ctx,
        }
 
        *ppdest = dest;
-       return src_len;
+       return src_len + ucs2_align_len;
 }
 
 size_t pull_ucs2_fstring(char *dest, const void *src)