complen = strcspn(s, ".");
/* we need to make sure the length fits into 6 bytes */
- if (complen >= 0x3F) {
+ if (complen > 0x3F) {
return ndr_push_error(ndr, NDR_ERR_STRING,
- "component length %u[%08X] > 0x00003F",
+ "component length %u[%08X] > 0x0000003F",
(unsigned)complen, (unsigned)complen);
}
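Review bot: The comment above the check still says the length must fit into "6 bytes", but the limit it is compared against, 0x3F, is the largest value of a 6-bit field. With the boundary now at `complen > 0x3F`, that comment is the only explanation of why a 63-byte component is accepted, so it should be accurate: `/* the component length must fit into 6 bits (at most 0x3F) */`. The enclosing function starts and ends outside the lines shown.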
NDR_PULL_ALLOC_N(ndr, namebuf, namebuf_len);
NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));
+ if ((namebuf_len % 4) == 0) {
+ /*
+ * [MS-WINSRA] — v20091104 was wrong
+ * regarding section "2.2.10.1 Name Record"
+ *
+ * If the name buffer is already 4 byte aligned
+ * Windows (at least 2003 SP1 and 2008) add 4 extra
+ * bytes. This can happen when the name has a scope.
+ */
+ uint32_t pad;
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &pad));
+ }
+
NDR_PULL_ALLOC(ndr, r);
/* oh wow, what a nasty bug in windows ... */
r->name = talloc_strdup(r, (char *)namebuf);
if (!r->name) return ndr_pull_error(ndr, NDR_ERR_ALLOC, "out of memory");
- if (namebuf_len > 18) {
- r->scope = talloc_strndup(r, (char *)(namebuf+17), namebuf_len-17);
+ if (namebuf_len > 17) {
+ r->scope = talloc_strndup(r, (char *)(namebuf+16), namebuf_len-17);
if (!r->scope) return ndr_pull_error(ndr, NDR_ERR_ALLOC, "out of memory");
} else {
r->scope = NULL;
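Review bot: `pad` is pulled and then dropped in the lines shown, so the pull side accepts any four bytes where the push side of this same change writes zeros with `ndr_push_zero(ndr, 4)`. Either reject a non-zero value or extend the comment to say the value is deliberately ignored for interoperability. The scope copy now starts at `namebuf+16` while the length stays `namebuf_len-17`, which leaves the final byte of the buffer out of the copy; a short comment such as `/* scope follows the 16-byte name; the last byte of namebuf is not part of it */` would stop the offsets being "corrected" again. `talloc_strdup(r, (char *)namebuf)` relies on a NUL byte inside the `namebuf_len` bytes taken from the wire, and the visible lines do not show where that is guaranteed, so confirm the buffer is terminated and has a minimum length before this call. The function begins before these lines and continues after them.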
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, namebuf_len));
NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));
+ if ((namebuf_len % 4) == 0) {
+ /*
+ * [MS-WINSRA] — v20091104 was wrong
+ * regarding section "2.2.10.1 Name Record"
+ *
+ * If the name buffer is already 4 byte aligned
+ * Windows (at least 2003 SP1 and 2008) add 4 extra
+ * bytes. This can happen when the name has a scope.
+ */
+ NDR_CHECK(ndr_push_zero(ndr, 4));
+ }
+
talloc_free(namebuf);
return NDR_ERR_SUCCESS;
}