Ensure every use of push_ascii checks for error -1 condition.
authorJeremy Allison <jra@samba.org>
Mon, 19 Nov 2007 23:27:11 +0000 (15:27 -0800)
committerJeremy Allison <jra@samba.org>
Mon, 19 Nov 2007 23:27:11 +0000 (15:27 -0800)
Ensure that if zero termination is requested, it is
applied if there's space.
Jeremy.

source/lib/charcnv.c
source/libsmb/clirap.c
source/nmbd/nmbd_processlogon.c
source/smbd/lanman.c

index 2341429b9aff946a29e30fd9159884525c23c6e1..7b52830cde1658109be41b55b8b9dfb1724f3873 100644 (file)
@@ -871,6 +871,7 @@ size_t push_ascii(void *dest, const char *src, size_t dest_len, int flags)
 {
        size_t src_len = strlen(src);
        pstring tmpbuf;
+       size_t ret;
 
        /* No longer allow a length of -1 */
        if (dest_len == (size_t)-1)
@@ -885,7 +886,13 @@ size_t push_ascii(void *dest, const char *src, size_t dest_len, int flags)
        if (flags & (STR_TERMINATE | STR_TERMINATE_ASCII))
                src_len++;
 
-       return convert_string(CH_UNIX, CH_DOS, src, src_len, dest, dest_len, True);
+       ret =convert_string(CH_UNIX, CH_DOS, src, src_len, dest, dest_len, True);
+       if (ret == (size_t)-1 &&
+                       (flags & (STR_TERMINATE | STR_TERMINATE_ASCII))
+                       && dest_len > 0) {
+               ((char *)dest)[0] = '\0';
+       }
+       return ret;
 }
 
 size_t push_ascii_fstring(void *dest, const char *src)
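Review bot: The failure path added at the end of push_ascii changes what callers can assume about `dest`, but nothing in the hunk documents it, and the function's header comment lies outside the hunk. I would add a comment there such as `/* Returns (size_t)-1 on conversion failure; dest is reset to "" only when STR_TERMINATE or STR_TERMINATE_ASCII is set and dest_len > 0. */`. Callers that pass flags of 0 get no such reset, so `dest` may hold partial output after a failure (depending on convert_string, which is not shown) and they must check the return value before using the buffer. As a small style point, `ret =convert_string(` is missing a space after `=`.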
index 6008dfbe934715a5b456f53cd7f6bbeb1a649d21..cada138082a4452eecf25b93307e0ef65b106e28 100644 (file)
@@ -217,6 +217,7 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
        pstring param;
        int uLevel = 1;
        int count = -1;
+       size_t len;
 
        errno = 0; /* reset */
 
@@ -236,7 +237,11 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
        SIVAL(p,0,stype);
        p += 4;
 
-       p += push_ascii(p, workgroup, sizeof(pstring)-PTR_DIFF(p,param)-1, STR_TERMINATE|STR_UPPER);
+       len = push_ascii(p, workgroup, sizeof(pstring)-PTR_DIFF(p,param)-1, STR_TERMINATE|STR_UPPER);
+       if (len == (size_t)-1) {
+               return false;
+       }
+       p += len;
        
        if (cli_api(cli, 
                     param, PTR_DIFF(p,param), 8,        /* params, length, max */
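Review bot: The new early exit in cli_NetServerEnum uses lowercase `false`, while the function returns BOOL and the same commit uses the `True` spelling in charcnv.c; `return False;` would match that convention. The function sets `errno = 0` shortly before this point, so a caller that inspects errno after a failed call (not visible here) sees no error code for this path. A one-line comment such as `/* workgroup did not convert or did not fit in param */` would explain why the request is abandoned. The function body continues outside the hunk.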
index 05e82a4bf281d62d8f9e51be52dbc65a1b5bda98..b0def406f72b5bd489d43e2e92ebf4d93562aa3c 100644 (file)
@@ -450,6 +450,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
                                                size = push_ascii(&q[1], component,
                                                        sizeof(outbuf) - PTR_DIFF(q+1, outbuf),
                                                        0);
+                                               if (size == (uint8)-1) {
+                                                       return;
+                                               }
                                                SCVAL(q, 0, size);
                                                q += (size + 1);
                                        }
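Review bot: The test `size == (uint8)-1` compares against 255, so it can only detect a push_ascii failure if `size` is a one-byte type (its declaration is outside the hunk); if `size` is wider, the test never matches (size_t)-1. With a one-byte `size`, the result has already been truncated when it is checked: a real length of 255 is treated as a failure, and a length of 256 or more wraps, so the length byte stored by `SCVAL(q, 0, size)` and the advance `q += (size + 1)` no longer match what was written into outbuf. Holding the result in a `size_t` and rejecting both cases before narrowing avoids this: `len = push_ascii(...); if (len == (size_t)-1 || len > 0xff) { return; }`. The same pattern recurs in the hunks at -470, -485, -499, -514 and -526 of this file.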
@@ -470,6 +473,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
                                        size = push_ascii(&q[1], hostname,
                                                        sizeof(outbuf) - PTR_DIFF(q+1, outbuf),
                                                        0);
+                                       if (size == (uint8)-1) {
+                                               return;
+                                       }
                                        SCVAL(q, 0, size);
                                        q += (size + 1);
 
@@ -485,6 +491,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
                                        size = push_ascii(&q[1], lp_workgroup(),
                                                        sizeof(outbuf) - PTR_DIFF(q+1, outbuf),
                                                        STR_UPPER);
+                                       if (size == (uint8)-1) {
+                                               return;
+                                       }
                                        SCVAL(q, 0, size);
                                        q += (size + 1);
 
@@ -499,6 +508,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
                                        size = push_ascii(&q[1], my_name,
                                                        sizeof(outbuf) - PTR_DIFF(q+1, outbuf),
                                                        0);
+                                       if (size == (uint8)-1) {
+                                               return;
+                                       }
                                        SCVAL(q, 0, size);
                                        q += (size + 1);
 
@@ -514,6 +526,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
                                                size = push_ascii(&q[1], ascuser,
                                                        sizeof(outbuf) - PTR_DIFF(q+1, outbuf),
                                                        0);
+                                               if (size == (uint8)-1) {
+                                                       return;
+                                               }
                                                SCVAL(q, 0, size);
                                                q += (size + 1);
                                        }
@@ -526,6 +541,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
                                        size = push_ascii(&q[1], "Default-First-Site-Name",
                                                        sizeof(outbuf) - PTR_DIFF(q+1, outbuf),
                                                        0);
+                                       if (size == (uint8)-1) {
+                                               return;
+                                       }
                                        SCVAL(q, 0, size);
                                        q += (size + 1);
 
index 000b2f4c169266116d8bd77d3afd6994633d0f20..abdd4e9a72dda275458f984b131e9c1115da69b5 100644 (file)
@@ -82,6 +82,9 @@ static int CopyExpanded(connection_struct *conn,
                              current_user_info.domain,
                              buf, sizeof(buf));
        l = push_ascii(*dst,buf,*n, STR_TERMINATE);
+       if (l == -1) {
+               return 0;
+       }
        (*dst) += l;
        (*n) -= l;
        return l;
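Review bot: The check `l == -1` is applied after push_ascii's size_t result has been stored in `l`, which is declared outside the hunk and is presumably an int given CopyExpanded's int return type, so it relies on (size_t)-1 converting to -1. Comparing a size_t temporary against `(size_t)-1`, as the clirap.c hunk in this commit does, would make the intent explicit. Returning 0 also gives the caller no way to tell a failed conversion from an empty string, which deserves a comment such as `/* conversion failed: leave *dst and *n untouched, report 0 bytes */`. The same applies to the CopyAndAdvance hunk that follows.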
@@ -94,6 +97,9 @@ static int CopyAndAdvance(char **dst, char *src, int *n)
                return 0;
        }
        l = push_ascii(*dst,src,*n, STR_TERMINATE);
+       if (l == -1) {
+               return 0;
+       }
        (*dst) += l;
        (*n) -= l;
        return l;