Changeset 740 for vendor/current/libcli/nbt/nbtname.c

Timestamp:

Nov 14, 2012, 12:59:34 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to 3.6.0

File:

• vendor/current/libcli/nbt/nbtname.c (modified) (8 diffs)

vendor/current/libcli/nbt/nbtname.c

@@ -28 +28 @@
 #include "librpc/gen_ndr/ndr_misc.h"
 #include "system/locale.h"
+#include "lib/util/util_net.h"
 
 /* don't allow an unlimited number of name components */
@@ -49 +50 @@
 {
         uint8_t len;
-        uint_t loops = 0;
+        unsigned int loops = 0;
         while (loops < 5) {
                 if (*offset >= ndr->data_size) {
@@ -176 +177 @@
 
                 /* we need to make sure the length fits into 6 bytes */
-                if (complen >= 0x3F) {
+                if (complen > 0x3F) {
                         return ndr_push_error(ndr, NDR_ERR_STRING,
-                                              "component length %u[%08X] > 0x00003F",
+                                              "component length %u[%08X] > 0x0000003F",
                                               (unsigned)complen, (unsigned)complen);
                 }
@@ -383 +384 @@
   push a nbt name into a blob
 */
-_PUBLIC_ NTSTATUS nbt_name_to_blob(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience, DATA_BLOB *blob, struct nbt_name *name)
+_PUBLIC_ NTSTATUS nbt_name_to_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, struct nbt_name *name)
 {
         enum ndr_err_code ndr_err;
 
-        ndr_err = ndr_push_struct_blob(blob, mem_ctx, iconv_convenience, name, (ndr_push_flags_fn_t)ndr_push_nbt_name);
+        ndr_err = ndr_push_struct_blob(blob, mem_ctx, name, (ndr_push_flags_fn_t)ndr_push_nbt_name);
         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                 return ndr_map_error2ntstatus(ndr_err);
@@ -402 +403 @@
         enum ndr_err_code ndr_err;
 
-        ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, name,
+        ndr_err = ndr_pull_struct_blob(blob, mem_ctx, name,
                                        (ndr_pull_flags_fn_t)ndr_pull_nbt_name);
         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -520 +521 @@
         NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));
 
+        if ((namebuf_len % 4) == 0) {
+                /*
+                 * [MS-WINSRA] — v20091104 was wrong
+                 * regarding section "2.2.10.1 Name Record"
+                 *
+                 * If the name buffer is already 4 byte aligned
+                 * Windows (at least 2003 SP1 and 2008) add 4 extra
+                 * bytes. This can happen when the name has a scope.
+                 */
+                uint32_t pad;
+                NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &pad));
+        }
+
         NDR_PULL_ALLOC(ndr, r);
 
@@ -548 +562 @@
         if (!r->name) return ndr_pull_error(ndr, NDR_ERR_ALLOC, "out of memory");
 
-        if (namebuf_len > 18) {
-                r->scope = talloc_strndup(r, (char *)(namebuf+17), namebuf_len-17);
+        if (namebuf_len > 17) {
+                r->scope = talloc_strndup(r, (char *)(namebuf+16), namebuf_len-17);
                 if (!r->scope) return ndr_pull_error(ndr, NDR_ERR_ALLOC, "out of memory");
         } else {
@@ -617 +631 @@
         NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, namebuf_len));
         NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));
+
+        if ((namebuf_len % 4) == 0) {
+                /*
+                 * [MS-WINSRA] — v20091104 was wrong
+                 * regarding section "2.2.10.1 Name Record"
+                 *
+                 * If the name buffer is already 4 byte aligned
+                 * Windows (at least 2003 SP1 and 2008) add 4 extra
+                 * bytes. This can happen when the name has a scope.
+                 */
+                NDR_CHECK(ndr_push_zero(ndr, 4));
+        }
 
         talloc_free(namebuf);