Patch by Metze to ensure that we always at least initialize our output string
authorAndrew Bartlett <abartlet@samba.org>
Wed, 23 Apr 2003 14:07:33 +0000 (14:07 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 23 Apr 2003 14:07:33 +0000 (14:07 +0000)
for rpc_pull_string.  If we had a NULL or zero-length string, we would use
uninitialised data in the result string.

Andrew Bartlett
(This used to be commit df10aee451b431a8a056a949a98393da256185da)

source3/lib/charcnv.c
source3/lib/util_unistr.c
source3/rpc_server/srv_samr_nt.c

index 7acb7147fd64f0d4fb48faab39adf43e6e8652f7..5086f924dbcfbf048883366097af03bcef63d375 100644 (file)
@@ -420,6 +420,8 @@ size_t pull_ascii(char *dest, const void *src, size_t dest_len, size_t src_len,
 
        if (dest_len)
                dest[MIN(ret, dest_len-1)] = 0;
+       else
+               dest[0] = 0;
 
        return src_len;
 }
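Review bot: The new `else` branch writes `dest[0] = 0` precisely when the caller passed `dest_len == 0`, so it relies on `dest` having at least one byte of storage even when the declared capacity is zero; nothing in the hunk states that contract. If every caller really does pass a real buffer, say so where the branch is, e.g. `/* dest_len == 0 still gets a terminator: callers must pass at least one byte */`; if any caller uses 0 to mean "no output buffer", the write is out of bounds and should instead be skipped. The start of pull_ascii, including the convert_string() call that produces `ret`, is outside this hunk.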
@@ -629,6 +631,8 @@ size_t pull_ucs2(const void *base_ptr, char *dest, const void *src, size_t dest_
        ret = convert_string(CH_UCS2, CH_UNIX, src, src_len, dest, dest_len);
        if (dest_len)
                dest[MIN(ret, dest_len-1)] = 0;
+       else 
+               dest[0] = 0;
 
        return src_len;
 }
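Review bot: The terminator placement on the `if (dest_len)` path still depends on `ret` being a byte count; if convert_string() can report failure through a sentinel such as `(size_t)-1` (worth confirming against its definition), MIN() then selects `dest_len-1`, and bytes `dest[0..dest_len-2]` keep whatever the failed conversion left there, which is the same uninitialised-string symptom this commit sets out to fix for the NULL case. Resetting `ret = 0` on a failed conversion before the termination line would put the terminator at `dest[0]` and make the empty-string result explicit. Note also that the function returns `src_len` rather than `ret`, so callers cannot learn from the return value whether anything was actually converted; a one-line comment on the return would spare the next reader that surprise.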
index 08bb03986f145eb62868fb9c544e129163dc28ff..5df0828295f95ff8e5eec4fa617c6a152a575d16 100644 (file)
@@ -229,7 +229,10 @@ char *skip_unibuf(char *src, size_t len)
  */ 
 int rpcstr_pull(char* dest, void *src, int dest_len, int src_len, int flags)
 {
-       if (!src) return 0;
+       if (!src) {
+               dest[0] = 0;
+               return 0;
+       }
        if(dest_len==-1) dest_len=MAXUNI-3;
        return pull_ucs2(NULL, dest, src, dest_len, src_len, flags|STR_UNICODE|STR_NOALIGN);
 }
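Review bot: The added NULL-src branch terminates `dest` before the `dest_len == -1` normalisation and without looking at `dest_len` at all, so it assumes a usable first byte; more importantly, only the value -1 is mapped to `MAXUNI-3`, and any other negative `dest_len` or `src_len` (both are `int` here) is handed to pull_ucs2's `size_t` parameters as a huge unsigned value, discarding the bound. Widening the check to `if (dest_len < 0) dest_len = MAXUNI-3;` and rejecting `src_len < 0` the same way as a NULL `src` (`dest[0] = 0; return 0;`) would close that. It would also help to document that a non-zero return is simply the `src_len` passed in, as pull_ucs2 returns `src_len`, not a count of bytes converted.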
index 7b2cd78dc63a61e630ec6f2f1de0131ededb40ee..d6441fd361c3150cd1e5d4a9837e0cad2f9f18b1 100644 (file)
@@ -1473,13 +1473,14 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
        for (i = 0; i < num_rids; i++) {
                fstring name;
                DOM_SID sid;
+               int ret;
 
                r_u->status = NT_STATUS_NONE_MAPPED;
 
                rid [i] = 0xffffffff;
                type[i] = SID_NAME_UNKNOWN;
 
-               rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0);
+               ret = rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0);
 
                /*
                 * we are only looking for a name
@@ -1492,7 +1493,8 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
                 * a cleaner code is to add the sid of the domain we're looking in
                 * to the local_lookup_name function.
                 */
-               if(local_lookup_name(name, &sid, &local_type)) {
+                
+               if ((ret > 0) && local_lookup_name(name, &sid, &local_type)) {
                        sid_split_rid(&sid, &local_rid);
                                
                        if (sid_equal(&sid, &pol_sid)) {
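Review bot: `ret > 0` does not test whether a name was produced: rpcstr_pull() returns pull_ucs2()'s result, and pull_ucs2() returns its `src_len` argument unchanged, so the condition is equivalent to `uni_name[i].uni_str_len != 0` and is still true when the conversion failed or yielded an empty string. Since `name` is now guaranteed to be terminated, checking the buffer directly is the reliable test, e.g. `if ((ret > 0) && name[0] != '\0' && local_lookup_name(name, &sid, &local_type)) {`. The inserted blank line above the condition carries trailing whitespace and could be dropped. _samr_lookup_names() begins and ends outside this hunk.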