lib: strings: Fix the behavior of strncasecmp_m_handle() in the face of bad conversions.
author Jeremy Allison <jra@samba.org>
Sat, 2 Aug 2014 04:38:59 +0000 (21:38 -0700)
committer Karolin Seeger <kseeger@samba.org>
Mon, 1 Sep 2014 19:34:11 +0000 (21:34 +0200)
When either string has a bad conversion, we fall back to
doing raw ascii byte comparisons using strcasecmp(). This
is wrong - we should fall back to strncasecmp.

The problem is we've already stepped past the character
that failed the conversion, so we're not re-testing those
characters for comparison. This can have the effect of
causing strncasecmp_m_handle() to report that two strings
are identical when they are not, if the failed conversion
takes place at the end of the string.

The correct behavior is to step back to the point of
the string(s) that failed the conversion, and continue
the test from there.

This is a little trickier than the previous fix, as
it requires converting the incoming n variable from
remaining characters to compare to remaining bytes to
compare.

As bytes are always the smallest character size
(1 byte) then it's safe to convert the remaining
characters to check by decrementing the source string
by the last character length (in bytes) and incrementing
the remaining bytes to scan by the same value, then
calling strncasecmp() with the stepped back strings
remaining.

Signed-off-by: Jeremy Allison <jra@samba.org>
lib/util/charset/util_str.c

index 1810e2429f85d6238965b08e448d43aeed84dc9b..f62c9998b33f2422a8e1cc61b3fe6f4688f1a7a2 100644 (file)
@@ -116,8 +116,33 @@ _PUBLIC_ int strncasecmp_m_handle(struct smb_iconv_handle *iconv_handle,
 
                if (c1 == INVALID_CODEPOINT ||
                    c2 == INVALID_CODEPOINT) {
-                       /* what else can we do?? */
-                       return strcasecmp(s1, s2);
+                       /*
+                        * Fall back to byte
+                        * comparison. We must
+                        * step back by the codepoint
+                        * length we just incremented
+                        * by - otherwise we are not
+                        * checking the bytes that
+                        * failed the conversion.
+                        */
+                       s1 -= size1;
+                       s2 -= size2;
+                       /*
+                        * n was specified in characters,
+                        * now we must convert it to bytes.
+                        * As bytes are the smallest
+                        * character unit, the following
+                        * increment and strncasecmp is always
+                        * safe.
+                        *
+                        * The source string was already known
+                        * to be n characters long, so we are
+                        * guaranteed to be able to look at the
+                        * (n remaining + size1) bytes from the
+                        * new (s1 - size1) position).
+                        */
+                       n += size1;
+                       return strncasecmp(s1, s2, n);
                }
 
                if (toupper_m(c1) != toupper_m(c2)) {
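Review bot: at `n += size1;` the byte budget is extended only by size1, although s2 was stepped back by size2 two lines earlier, and the remaining n is still a character count that is then passed to strncasecmp() as a byte count. If the two code units have different lengths, or the remaining characters are multibyte, the byte comparison can stop before it has covered the number of characters the caller asked for and still return 0. Consider documenting why size1 alone is sufficient (or using the larger of size1 and size2), and state in the comment that n bytes is only a lower bound on n characters, so the fallback may compare fewer characters than requested. Minor: the comment's last line, "new (s1 - size1) position).", has an unmatched closing parenthesis.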