r22291: Fix off-by-one in tconX parsing.

author Jeremy Allison <jra@samba.org>

Tue, 17 Apr 2007 02:14:28 +0000 (02:14 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 17:19:24 +0000 (12:19 -0500)
author Jeremy Allison <jra@samba.org>
Tue, 17 Apr 2007 02:14:28 +0000 (02:14 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:19:24 +0000 (12:19 -0500)
diff --git a/source/smbd/reply.c b/source/smbd/reply.c

index eb4106b0c1815ae66fc1b6bca7cc7e00e0da5bda..3d0f8a3ca84c7b514ce99a1ed7648ea8574236aa 100644 (file)
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -469,13 +469,22 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
   
         if (global_encrypted_passwords_negotiated) {
                 password = data_blob(smb_buf(inbuf),passlen);
+               if (lp_security() == SEC_SHARE) {
+                       /*
+                        * Security = share always has a pad byte
+                        * after the password.
+                        */
+                       p = smb_buf(inbuf) + passlen + 1;
+               } else {
+                       p = smb_buf(inbuf) + passlen;
+               }
         } else {
                 password = data_blob(smb_buf(inbuf),passlen+1);
                 /* Ensure correct termination */
-               password.data[passlen]=0;    
+               password.data[passlen]=0;
+               p = smb_buf(inbuf) + passlen + 1;
         }
  
-       p = smb_buf(inbuf) + passlen;
         p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE);
  
         /*
author	Jeremy Allison <jra@samba.org>
	Tue, 17 Apr 2007 02:14:28 +0000 (02:14 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 17:19:24 +0000 (12:19 -0500)