From 3fc381103a5c44eec54ed60f34d3124cec2e3460 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 25 Mar 2011 15:12:12 -0700 Subject: [PATCH] Fix bug 8040 - smbclient segfaults when a Cyrillic netbios name or workgroup is configured. As discovered by David Disseldorp , convert_string_talloc() doesn't always return consistent results for a zero length string. The API states an incoming string must *always* contain the terminating null, but unfotunately too much code expects passing in a zero source length to return a null terminated string, so at least ensure we return a correct null string in the required character set and return the correct length. Also ensure we cannot return a zero length for a converted string (we ensure that the returned buffer is always allocated and zero terminated anyway) as calling code depends on the fact that returning true from this function will *always* return a non-zero length (as it must include the terminating null). Note this is a different fix from what went into master (this is identical to the fix I'm planning for 3.5.x) as convert_string_talloc() has diverged between the two. Jeremy. (cherry picked from commit 00834d05c41bbdebd737f1c4ebb8e04955e092ec)
---
 source3/lib/charcnv.c | 24 ++++++++++++++++++++++--
 1 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index 718f810..743f748 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -573,14 +573,24 @@ bool convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to,
 errno = EINVAL;
 return false;
 }
+
 if (srclen == 0) {
- ob = talloc_strdup(ctx, "");
+ /* We really should treat this as an error, but
+ there are too many callers that need this to
+ return a NULL terminated string in the correct
+ character set. */
+ if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED) {
+ destlen = 2;
+ } else {
+ destlen = 1;
+ }
+ ob = talloc_zero_array(ctx, char, destlen);
 if (ob == NULL) {
 errno = ENOMEM;
 return false;
 }
+ *converted_size = destlen;
 *dest = ob;
- *converted_size = 0;
 return true;
 }
 
@@ -677,6 +687,16 @@ bool convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to,
 ob[destlen] = '\0';
 ob[destlen+1] = '\0';
 
+ /* Ensure we can never return a *converted_size of zero. */
+ if (destlen == 0) {
+ /* This can happen from a bad iconv "use_as_is:" call. */
+ if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED) {
+ destlen = 2;
+ } else {
+ destlen = 1;
+ }
+ }
+
 *converted_size = destlen;
 return true;
-- 1.7.3.1
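Review bot: The charset test `to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED` that selects a 1- or 2-byte terminator is written out twice, once in the `srclen == 0` branch of this hunk and again in the second hunk's `destlen == 0` fallback, with the same missing space before the first `||` in both copies; if another two-byte charset is ever added, one copy will be missed. A small file-scope helper returning the terminator width would let both sites read `destlen = charset_terminator_size(to);` and keep the comment explaining why a zero-length input is tolerated in one place. The declaration of `destlen` is outside the hunk, so the helper's return type should match it (size_t is assumed below and should be confirmed). The body of convert_string_talloc starts before this hunk and continues past it.
```c
/* Width in bytes of the string terminator in charset cs: 2 for the
 * UTF-16 encodings, 1 for every byte-oriented charset. */
static size_t charset_terminator_size(charset_t cs)
{
	if (cs == CH_UTF16LE || cs == CH_UTF16BE || cs == CH_UTF16MUNGED) {
		return 2;
	}
	return 1;
}

/* … unchanged: earlier part of convert_string_talloc … */
	if (srclen == 0) {
		/* We really should treat this as an error, but
		   there are too many callers that need this to
		   return a NULL terminated string in the correct
		   character set. */
		destlen = charset_terminator_size(to);
		ob = talloc_zero_array(ctx, char, destlen);
		/* … unchanged: NULL check and result assignments … */
```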
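Review bot: The guarantee the second hunk introduces — a true return always leaves `*converted_size` non-zero because it counts the terminating NUL, two bytes for the UTF-16 charsets — lives only in the inline comment and the commit message, while the callers the message says depend on it read the function's header comment, which is outside the hunk. That contract belongs in the doc comment on convert_string_talloc (or on its prototype), e.g. `On success *converted_size is never 0: it includes the NUL terminator (two bytes for CH_UTF16LE/BE/MUNGED), so an empty input yields 1 or 2.` It would also help to say there that the `destlen == 0` fallback deliberately hides an iconv conversion that produced no output for non-empty input, which the hunk attributes to a bad "use_as_is:" call, so a future reader knows it is papering over an upstream problem rather than handling a normal case. convert_string_talloc starts before this hunk.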