Changeset 102 for trunk-3.0/source/nmbd
- Timestamp:
- Nov 18, 2007, 8:35:45 PM (18 years ago)
- Location:
- trunk-3.0/source/nmbd
- Files:
-
- 2 edited
-
nmbd_packets.c (modified) (1 diff)
-
nmbd_processlogon.c (modified) (13 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk-3.0/source/nmbd/nmbd_packets.c
r26 r102 964 964 965 965 if (data && len) { 966 if (len < 0 || len > sizeof(nmb->answers->rdata)) { 967 DEBUG(5,("reply_netbios_packet: " 968 "invalid packet len (%d)\n", 969 len )); 970 return; 971 } 966 972 nmb->answers->rdlength = len; 967 973 memcpy(nmb->answers->rdata, data, len); -
trunk-3.0/source/nmbd/nmbd_processlogon.c
r26 r102 136 136 fstrcpy(reply_name, "\\\\"); 137 137 fstrcat(reply_name, my_name); 138 push_ascii_fstring(q, reply_name); 138 push_ascii(q,reply_name, 139 sizeof(outbuf)-PTR_DIFF(q, outbuf), 140 STR_TERMINATE); 139 141 q = skip_string(outbuf,sizeof(outbuf),q); /* PDC name */ 140 142 … … 232 234 233 235 fstrcpy(reply_name,my_name); 234 push_ascii_fstring(q, reply_name); 236 push_ascii(q, reply_name, 237 sizeof(outbuf)-PTR_DIFF(q, outbuf), 238 STR_TERMINATE); 235 239 q = skip_string(outbuf,sizeof(outbuf),q); /* PDC name */ 236 240 … … 240 244 q = ALIGN2(q, outbuf); 241 245 242 q += dos_PutUniCode(q, my_name, sizeof(pstring), True); /* PDC name */ 243 q += dos_PutUniCode(q, lp_workgroup(),sizeof(pstring), True); /* Domain name*/ 246 q += dos_PutUniCode(q, my_name, 247 sizeof(outbuf) - PTR_DIFF(q, outbuf), 248 True); /* PDC name */ 249 q += dos_PutUniCode(q, lp_workgroup(), 250 sizeof(outbuf) - PTR_DIFF(q, outbuf), 251 True); /* Domain name*/ 252 if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < 8) { 253 return; 254 } 244 255 SIVAL(q, 0, 1); /* our nt version */ 245 256 SSVAL(q, 4, 0xffff); /* our lmnttoken */ … … 377 388 q += 2; 378 389 379 q += dos_PutUniCode(q, reply_name,sizeof(pstring), True); 380 q += dos_PutUniCode(q, ascuser, sizeof(pstring), True); 381 q += dos_PutUniCode(q, lp_workgroup(),sizeof(pstring), True); 390 q += dos_PutUniCode(q, reply_name, 391 sizeof(outbuf) - PTR_DIFF(q, outbuf), 392 True); 393 q += dos_PutUniCode(q, ascuser, 394 sizeof(outbuf) - PTR_DIFF(q, outbuf), 395 True); 396 q += dos_PutUniCode(q, lp_workgroup(), 397 sizeof(outbuf) - PTR_DIFF(q, outbuf), 398 True); 382 399 } 383 400 #ifdef HAVE_ADS … … 395 412 get_myname(hostname); 396 413 414 if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < 8) { 415 return; 416 } 397 417 if (SVAL(uniuser, 0) == 0) { 398 418 SIVAL(q, 0, SAMLOGON_AD_UNK_R); /* user unknown */ … … 407 427 408 428 /* Push Domain GUID */ 429 if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < UUID_FLAT_SIZE) { 430 return; 431 } 409 432 if (False == secrets_fetch_domain_guid(domain, &domain_guid)) { 410 433 DEBUG(2, ("Could not fetch DomainGUID for %s\n", domain)); … … 422 445 while ((component = strtok(dc, "."))) { 423 446 dc = NULL; 424 size = push_ascii(&q[1], component, -1, 0); 447 if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < 1) { 448 return; 449 } 450 size = push_ascii(&q[1], component, 451 sizeof(outbuf) - PTR_DIFF(q+1, outbuf), 452 0); 425 453 SCVAL(q, 0, size); 426 454 q += (size + 1); … … 428 456 429 457 /* Unk0 */ 458 if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < 4) { 459 return; 460 } 430 461 SCVAL(q, 0, 0); 431 462 q++; … … 437 468 438 469 /* Hostname */ 439 size = push_ascii(&q[1], hostname, -1, 0); 470 size = push_ascii(&q[1], hostname, 471 sizeof(outbuf) - PTR_DIFF(q+1, outbuf), 472 0); 440 473 SCVAL(q, 0, size); 441 474 q += (size + 1); 475 476 if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < 3) { 477 return; 478 } 479 442 480 SCVAL(q, 0, 0xc0 | ((str_offset >> 8) & 0x3F)); 443 481 SCVAL(q, 1, str_offset & 0xFF); … … 445 483 446 484 /* NETBIOS of domain */ 447 size = push_ascii(&q[1], lp_workgroup(), -1, STR_UPPER); 485 size = push_ascii(&q[1], lp_workgroup(), 486 sizeof(outbuf) - PTR_DIFF(q+1, outbuf), 487 STR_UPPER); 448 488 SCVAL(q, 0, size); 449 489 q += (size + 1); 450 490 451 491 /* Unk1 */ 492 if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < 2) { 493 return; 494 } 452 495 SCVAL(q, 0, 0); 453 496 q++; 454 497 455 498 /* NETBIOS of hostname */ 456 size = push_ascii(&q[1], my_name, -1, 0); 499 size = push_ascii(&q[1], my_name, 500 sizeof(outbuf) - PTR_DIFF(q+1, outbuf), 501 0); 457 502 SCVAL(q, 0, size); 458 503 q += (size + 1); 459 504 460 505 /* Unk2 */ 506 if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < 4) { 507 return; 508 } 461 509 SCVAL(q, 0, 0); 462 510 q++; … … 464 512 /* User name */ 465 513 if (SVAL(uniuser, 0) != 0) { 466 size = push_ascii(&q[1], ascuser, -1, 0); 514 size = push_ascii(&q[1], ascuser, 515 sizeof(outbuf) - PTR_DIFF(q+1, outbuf), 516 0); 467 517 SCVAL(q, 0, size); 468 518 q += (size + 1); … … 471 521 q_orig = q; 472 522 /* Site name */ 473 size = push_ascii(&q[1], "Default-First-Site-Name", -1, 0); 523 if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < 1) { 524 return; 525 } 526 size = push_ascii(&q[1], "Default-First-Site-Name", 527 sizeof(outbuf) - PTR_DIFF(q+1, outbuf), 528 0); 474 529 SCVAL(q, 0, size); 475 530 q += (size + 1); 531 532 if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < 18) { 533 return; 534 } 476 535 477 536 /* Site name (2) */ … … 495 554 #endif 496 555 556 if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < 8) { 557 return; 558 } 559 497 560 /* tell the client what version we are */ 498 561 SIVAL(q, 0, ((ntversion < 11) || (SEC_ADS != lp_security())) ? 1 : 13);
Note:
See TracChangeset
for help on using the changeset viewer.
