The Samba-Bugzilla – Attachment 49 Details for
Bug 221
multibyte user/computer names make nmbd crash
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
prevents nmbd crash
bug221.patch (text/plain), 3.34 KB, created by
TAKAHASHI Motonobu
on 2003-07-13 08:16:40 UTC
(
hide
)
Description:
prevents nmbd crash
Filename:
MIME Type:
Creator:
TAKAHASHI Motonobu
Created:
2003-07-13 08:16:40 UTC
Size:
3.34 KB
patch
obsolete
>diff -ur ../source.orig/include/smb.h ./include/smb.h >--- ../source.orig/include/smb.h 2003-07-09 17:48:18.000000000 +0900 >+++ ./include/smb.h 2003-07-09 17:45:04.000000000 +0900 >@@ -1483,7 +1483,7 @@ > > /* A netbios name structure. */ > struct nmb_name { >- char name[17]; >+ char name[16*3+1]; /* the *3 is to cope with multi-byte */ > char scope[64]; > unsigned int name_type; > }; >diff -ur ../source.orig/libsmb/nmblib.c ./libsmb/nmblib.c >--- ../source.orig/libsmb/nmblib.c 2003-07-08 23:17:19.000000000 +0900 >+++ ./libsmb/nmblib.c 2003-07-09 18:59:54.000000000 +0900 >@@ -178,6 +178,7 @@ > BOOL got_pointer=False; > int loop_count=0; > int offset = ofs; >+ uchar netbios_name[17]; > > if (length - offset < 2) > return(0); >@@ -203,24 +204,26 @@ > uchar c1,c2; > c1 = ubuf[offset++]-'A'; > c2 = ubuf[offset++]-'A'; >- if ((c1 & 0xF0) || (c2 & 0xF0) || (n > sizeof(name->name)-1)) >+ if ((c1 & 0xF0) || (c2 & 0xF0) || (n > sizeof(netbios_name)-1)) > return(0); >- name->name[n++] = (c1<<4) | c2; >+ netbios_name[n++] = (c1<<4) | c2; > m -= 2; > } >- name->name[n] = 0; >+ netbios_name[n] = 0; > > if (n==16) { > /* parse out the name type, > its always in the 16th byte of the name */ >- name->name_type = ((uchar)name->name[15]) & 0xff; >+ name->name_type = ((uchar)netbios_name[15]) & 0xff; > > /* remove trailing spaces */ >- name->name[15] = 0; >+ netbios_name[15] = 0; > n = 14; >- while (n && name->name[n]==' ') >- name->name[n--] = 0; >+ while (n && netbios_name[n]==' ') >+ netbios_name[n--] = 0; > } >+ pull_ascii(name->name, netbios_name, >+ sizeof(name->name), sizeof(netbios_name), STR_TERMINATE); > > /* now the domain parts (if any) */ > n = 0; >@@ -270,14 +273,18 @@ > int ret,m; > fstring buf1; > char *p; >+ uchar netbios_name[17]; > >- if (strcmp(name->name,"*") == 0) { >+ push_ascii(netbios_name, name->name, >+ sizeof(netbios_name), STR_TERMINATE|STR_UPPER); >+ >+ if (strcmp(netbios_name,"*") == 0) { > /* special case for wildcard name */ > memset(buf1,'\0',20); > buf1[0] = '*'; > buf1[15] = name->name_type; > } else { >- slprintf(buf1, sizeof(buf1) - 1,"%-15.15s%c",name->name,name->name_type); >+ slprintf(buf1, sizeof(buf1) - 1,"%-15.15s%c",netbios_name,name->name_type); > } > > buf[offset] = 0x20; >@@ -820,7 +827,7 @@ > void make_nmb_name( struct nmb_name *n, const char *name, int type) > { > memset( (char *)n, '\0', sizeof(struct nmb_name) ); >- push_ascii(n->name, name, 16, STR_TERMINATE|STR_UPPER); >+ StrnCpy( n->name, name, sizeof(n->name)-1 ); > n->name_type = (unsigned int)type & 0xFF; > StrnCpy( n->scope, global_scope(), 63 ); > strupper( n->scope ); >diff -ur ../source.orig/nmbd/nmbd_incomingdgrams.c ./nmbd/nmbd_incomingdgrams.c >--- ../source.orig/nmbd/nmbd_incomingdgrams.c 2003-07-08 23:17:35.000000000 +0900 >+++ ./nmbd/nmbd_incomingdgrams.c 2003-07-05 16:33:44.000000000 +0900 >@@ -201,12 +201,13 @@ > { > struct dgram_packet *dgram = &p->packet.dgram; > int ttl = IVAL(buf,1)/1000; >- char *workgroup_announce_name = buf+5; >+ fstring workgroup_announce_name; > uint32 servertype = IVAL(buf,23); > char *master_name = buf+31; > struct work_record *work; > char *source_name = dgram->source_name.name; > >+ pull_ascii_fstring(workgroup_announce_name, buf+5) > START_PROFILE(workgroup_announce); > master_name[43] = 0; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=49">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 221
: 49