From f7e97e839a2722234df6963c1b74d04c7960dc70 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 4 Nov 2011 12:52:44 +0100 Subject: [PATCH] s3:libsmb: the workgroup in the non-extended-security negprot is not aligned (#8573) I've tested the fix against NT4 sp6a, W2K sp4, W2K8R2 and Win8pre0. metze (similar to commit aea76a3aaa7ea52f563e7bc8a8ed60d9651f9e34) --- source3/libsmb/cliconnect.c | 25 +++++++++++++++++++++---- 1 files changed, 21 insertions(+), 4 deletions(-) diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 113b8a5..f03219b 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -2655,6 +2655,7 @@ static void cli_negprot_done(struct tevent_req *subreq) if (cli->protocol >= PROTOCOL_NT1) { struct timespec ts; bool negotiated_smb_signing = false; + DATA_BLOB blob = data_blob_null; if (wct != 0x11) { tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); @@ -2680,13 +2681,29 @@ static void cli_negprot_done(struct tevent_req *subreq) /* work out if they sent us a workgroup */ if (!(cli->capabilities & CAP_EXTENDED_SECURITY) && smb_buflen(inbuf) > 8) { + blob = data_blob_const(bytes + 8, num_bytes - 8); + } + + if (blob.length > 0) { ssize_t ret; - status = smb_bytes_talloc_string( - cli, (char *)inbuf, &cli->server_domain, - bytes + 8, num_bytes - 8, &ret); - if (tevent_req_nterror(req, status)) { + char *server_domain = NULL; + + ret = clistr_pull_talloc(cli, + (const char *)inbuf, + SVAL(inbuf, smb_flg2), + &server_domain, + (char *)blob.data, + blob.length, + STR_TERMINATE| + STR_UNICODE| + STR_NOALIGN); + if (ret == -1) { + tevent_req_nterror(req, NT_STATUS_NO_MEMORY); return; } + if (server_domain) { + cli->server_domain = server_domain; + } } /* -- 1.7.4.1