parse_string is only used for the authentication negotiators.

It can itself determine the length of the string it has to
transfer. Andrew B., could you take a look at the length calculation?
Is that safe?

Thanks,

Volker

diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c
index 696142905bb555e7fae6d2f69361e0a6f25eca3c..e0a75d738254aeef181710aa3883093ce6895bdd 100644 (file)
--- a/source/rpc_parse/parse_prs.c
+++ b/source/rpc_parse/parse_prs.c
@@ -1159,10 +1159,16 @@ BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
  not include the null-termination character.
  ********************************************************************/
 
-BOOL prs_string(const char *name, prs_struct *ps, int depth, char *str, int len, int max_buf_size)
+BOOL prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size)
 {
        char *q;
        int i;
+       int len;
+
+       if (UNMARSHALLING(ps))
+               len = strlen(&ps->data_p[ps->data_offset]);
+       else
+               len = strlen(str);
 
        len = MIN(len, (max_buf_size-1));
 

diff --git a/source/rpc_parse/parse_rpc.c b/source/rpc_parse/parse_rpc.c
index dd75ea1f557384efcfd45685a53bbc8b8a14b446..be3a04e31c921659113512aaff647ebc3346563e 100644 (file)
--- a/source/rpc_parse/parse_rpc.c
+++ b/source/rpc_parse/parse_rpc.c
@@ -691,7 +691,7 @@ BOOL smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_stru
        depth++;
 
        /* "NTLMSSP" */
-       if(!prs_string("signature", ps, depth, rav->signature, strlen("NTLMSSP"),
+       if(!prs_string("signature", ps, depth, rav->signature,
                        sizeof(rav->signature)))
                return False;
        if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */
@@ -701,7 +701,7 @@ BOOL smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_stru
 }
 
 /*******************************************************************
- This parses an RPC_AUTH_VERIFIER for NETLOGON schannel. I thing
+ This parses an RPC_AUTH_VERIFIER for NETLOGON schannel. I think
  assuming "NTLMSSP" in sm_io_rpc_auth_verifier is somewhat wrong.
  I have to look at that later...
 ********************************************************************/
@@ -714,11 +714,9 @@ BOOL smb_io_rpc_netsec_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_st
        prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
        depth++;
 
-       /* "NTLMSSP" */
-       if(!prs_string("signature", ps, depth, rav->signature, strlen(rav->signature),
-                       sizeof(rav->signature)))
+       if(!prs_string("signature", ps, depth, rav->signature, sizeof(rav->signature)))
                return False;
-       if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */
+       if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type))
                return False;
 
        return True;
@@ -1170,11 +1168,9 @@ BOOL smb_io_rpc_auth_netsec_neg(const char *desc, RPC_AUTH_NETSEC_NEG *neg,
                return False;
        if(!prs_uint32("type2", ps, depth, &neg->type2))
                return False;
-       if(!prs_string("domain  ", ps, depth, neg->domain,
-                      strlen(neg->domain), sizeof(neg->domain)))
+       if(!prs_string("domain  ", ps, depth, neg->domain, sizeof(neg->domain)))
                return False;
-       if(!prs_string("myname  ", ps, depth, neg->myname, 
-                      strlen(neg->myname), sizeof(neg->myname)))
+       if(!prs_string("myname  ", ps, depth, neg->myname, sizeof(neg->myname)))
                return False;
 
        return True;