Author: vlendec Date: 2007-07-05 16:33:37 +0000 (Thu, 05 Jul 2007) New Revision: 23726
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23726 Log: Explicitly pass down the FLAGS2 field to srvstr_pull_buf. The next checkin will pull this up to srvstr_get_path. At that point we can get more independent of the inbuf, the base_ptr in pull_string will only be used to satisfy UCS2 alignment constraints. Modified: branches/SAMBA_3_0/source/include/safe_string.h branches/SAMBA_3_0/source/include/srvstr.h branches/SAMBA_3_0/source/lib/charcnv.c branches/SAMBA_3_0/source/libsmb/clistr.c branches/SAMBA_3_0/source/libsmb/ntlmssp_parse.c branches/SAMBA_3_0/source/libsmb/smbencrypt.c branches/SAMBA_3_0/source/smbd/ipc.c branches/SAMBA_3_0/source/smbd/message.c branches/SAMBA_3_0/source/smbd/nttrans.c branches/SAMBA_3_0/source/smbd/pipes.c branches/SAMBA_3_0/source/smbd/reply.c branches/SAMBA_3_0/source/smbd/sesssetup.c branches/SAMBA_3_0/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_0/source/include/safe_string.h =================================================================== --- branches/SAMBA_3_0/source/include/safe_string.h 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/include/safe_string.h 2007-07-05 16:33:37 UTC (rev 23726) @@ -164,7 +164,7 @@ #define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) #define safe_strcat(dest,src,maxlength) safe_strcat_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) #define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) -#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, src_len, flags) +#define pull_string(base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) pull_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) #define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, flags) #define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, src_len, flags) #define srvstr_push(base_ptr, dest, src, dest_len, flags) srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) @@ -193,10 +193,10 @@ ? __unsafe_string_function_usage_here_size_t__() \ : push_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, flags)) -#define pull_string_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, src_len, flags) \ +#define pull_string_fn2(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ ? __unsafe_string_function_usage_here_size_t__() \ - : pull_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, src_len, flags)) + : pull_string_fn(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags)) #define clistr_push_fn2(fn_name, fn_line, cli, dest, src, dest_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ Modified: branches/SAMBA_3_0/source/include/srvstr.h =================================================================== --- branches/SAMBA_3_0/source/include/srvstr.h 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/include/srvstr.h 2007-07-05 16:33:37 UTC (rev 23726) @@ -18,14 +18,14 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#define srvstr_pull(base_ptr, dest, src, dest_len, src_len, flags) \ - pull_string(base_ptr, dest, src, dest_len, src_len, flags) +#define srvstr_pull(base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) \ + pull_string(base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) /* pull a string from the smb_buf part of a packet. In this case the string can either be null terminated or it can be terminated by the end of the smbbuf area */ -#define srvstr_pull_buf(inbuf, dest, src, dest_len, flags) \ - pull_string(inbuf, dest, src, dest_len, smb_bufrem(inbuf, src), flags) +#define srvstr_pull_buf(inbuf, smb_flags2, dest, src, dest_len, flags) \ + pull_string(inbuf, smb_flags2, dest, src, dest_len, smb_bufrem(inbuf, src), flags) Modified: branches/SAMBA_3_0/source/lib/charcnv.c =================================================================== --- branches/SAMBA_3_0/source/lib/charcnv.c 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/lib/charcnv.c 2007-07-05 16:33:37 UTC (rev 23726) @@ -1376,16 +1376,24 @@ The resulting string in "dest" is always null terminated. **/ -size_t pull_string_fn(const char *function, unsigned int line, const void *base_ptr, char *dest, const void *src, size_t dest_len, size_t src_len, int flags) +size_t pull_string_fn(const char *function, unsigned int line, + const void *base_ptr, uint16 smb_flags2, char *dest, + const void *src, size_t dest_len, size_t src_len, + int flags) { #ifdef DEVELOPER if (dest_len != (size_t)-1) clobber_region(function, line, dest, dest_len); #endif + if ((base_ptr == NULL) && ((flags & (STR_ASCII|STR_UNICODE)) == 0)) { + smb_panic("No base ptr to get flg2 and neither ASCII nor " + "UNICODE defined"); + } + if (!(flags & STR_ASCII) && \ ((flags & STR_UNICODE || \ - (SVAL(base_ptr, smb_flg2) & FLAGS2_UNICODE_STRINGS)))) { + (smb_flags2 & FLAGS2_UNICODE_STRINGS)))) { return pull_ucs2(base_ptr, dest, src, dest_len, src_len, flags); } return pull_ascii(dest, src, dest_len, src_len, flags); Modified: branches/SAMBA_3_0/source/libsmb/clistr.c =================================================================== --- branches/SAMBA_3_0/source/libsmb/clistr.c 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/libsmb/clistr.c 2007-07-05 16:33:37 UTC (rev 23726) @@ -43,7 +43,9 @@ int dest_len, int src_len, int flags) { - return pull_string_fn(function, line, cli->inbuf, dest, src, dest_len, src_len, flags); + return pull_string_fn(function, line, cli->inbuf, + SVAL(cli->inbuf, smb_flg2), dest, src, dest_len, + src_len, flags); } Modified: branches/SAMBA_3_0/source/libsmb/ntlmssp_parse.c =================================================================== --- branches/SAMBA_3_0/source/libsmb/ntlmssp_parse.c 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/libsmb/ntlmssp_parse.c 2007-07-05 16:33:37 UTC (rev 23726) @@ -220,9 +220,10 @@ return False; if (0 < len1) { - pull_string(NULL, p, blob->data + ptr, sizeof(p), - len1, - STR_UNICODE|STR_NOALIGN); + pull_string( + NULL, 0, p, + blob->data + ptr, sizeof(p), + len1, STR_UNICODE|STR_NOALIGN); (*ps) = smb_xstrdup(p); } else { (*ps) = smb_xstrdup(""); @@ -248,9 +249,10 @@ return False; if (0 < len1) { - pull_string(NULL, p, blob->data + ptr, sizeof(p), - len1, - STR_ASCII|STR_NOALIGN); + pull_string( + NULL, 0, p, + blob->data + ptr, sizeof(p), + len1, STR_ASCII|STR_NOALIGN); (*ps) = smb_xstrdup(p); } else { (*ps) = smb_xstrdup(""); @@ -300,9 +302,10 @@ if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data) return False; - head_ofs += pull_string(NULL, p, blob->data+head_ofs, sizeof(p), - blob->length - head_ofs, - STR_ASCII|STR_TERMINATE); + head_ofs += pull_string( + NULL, 0, p, blob->data+head_ofs, sizeof(p), + blob->length - head_ofs, + STR_ASCII|STR_TERMINATE); if (strcmp(s, p) != 0) { return False; } Modified: branches/SAMBA_3_0/source/libsmb/smbencrypt.c =================================================================== --- branches/SAMBA_3_0/source/libsmb/smbencrypt.c 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/libsmb/smbencrypt.c 2007-07-05 16:33:37 UTC (rev 23726) @@ -555,7 +555,8 @@ } /* decode into the return buffer. Buffer length supplied */ - *new_pw_len = pull_string(NULL, new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size, + *new_pw_len = pull_string(NULL, 0, new_pwrd, + &in_buffer[512 - byte_len], new_pwrd_size, byte_len, string_flags); #ifdef DEBUG_PASSWORD Modified: branches/SAMBA_3_0/source/smbd/ipc.c =================================================================== --- branches/SAMBA_3_0/source/smbd/ipc.c 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/smbd/ipc.c 2007-07-05 16:33:37 UTC (rev 23726) @@ -543,8 +543,8 @@ state->one_way = BITSETW(inbuf+smb_vwv5,1); memset(state->name, '\0',sizeof(state->name)); - srvstr_pull_buf(inbuf, state->name, smb_buf(inbuf), - sizeof(state->name), STR_TERMINATE); + srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), state->name, + smb_buf(inbuf), sizeof(state->name), STR_TERMINATE); if ((dscnt > state->total_data) || (pscnt > state->total_param)) goto bad_param; Modified: branches/SAMBA_3_0/source/smbd/message.c =================================================================== --- branches/SAMBA_3_0/source/smbd/message.c 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/smbd/message.c 2007-07-05 16:33:37 UTC (rev 23726) @@ -134,8 +134,10 @@ outsize = set_message(inbuf,outbuf,0,0,True); p = smb_buf(inbuf)+1; - p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1; - p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgfrom, p, + sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgto, p, + sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1; msg = p; @@ -176,8 +178,10 @@ msgpos = 0; p = smb_buf(inbuf)+1; - p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1; - p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgfrom, p, + sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgto, p, + sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1; DEBUG( 3, ( "SMBsendstrt (from %s to %s)\n", msgfrom, msgto ) ); Modified: branches/SAMBA_3_0/source/smbd/nttrans.c =================================================================== --- branches/SAMBA_3_0/source/smbd/nttrans.c 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/smbd/nttrans.c 2007-07-05 16:33:37 UTC (rev 23726) @@ -382,7 +382,8 @@ char *p = NULL; uint32 flags = IVAL(inbuf,smb_ntcreate_Flags); - srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE); + srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), fname, smb_buf(inbuf), + sizeof(fname), STR_TERMINATE); if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0) { return ret; Modified: branches/SAMBA_3_0/source/smbd/pipes.c =================================================================== --- branches/SAMBA_3_0/source/smbd/pipes.c 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/smbd/pipes.c 2007-07-05 16:33:37 UTC (rev 23726) @@ -65,7 +65,8 @@ int i; /* XXXX we need to handle passed times, sattr and flags */ - srvstr_pull_buf(inbuf, pipe_name, smb_buf(inbuf), sizeof(pipe_name), STR_TERMINATE); + srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), pipe_name, + smb_buf(inbuf), sizeof(pipe_name), STR_TERMINATE); /* If the name doesn't start \PIPE\ then this is directed */ /* at a mailslot or something we really, really don't understand, */ Modified: branches/SAMBA_3_0/source/smbd/reply.c =================================================================== --- branches/SAMBA_3_0/source/smbd/reply.c 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/smbd/reply.c 2007-07-05 16:33:37 UTC (rev 23726) @@ -218,9 +218,11 @@ #endif if (src_len == 0) { - ret = srvstr_pull_buf( inbuf, dest, src, dest_len, flags); + ret = srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), dest, src, + dest_len, flags); } else { - ret = srvstr_pull( inbuf, dest, src, dest_len, src_len, flags); + ret = srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), dest, src, + dest_len, src_len, flags); } *contains_wcard = False; @@ -255,9 +257,11 @@ #endif if (src_len == 0) { - ret = srvstr_pull_buf( inbuf, dest, src, dest_len, flags); + ret = srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), dest, src, + dest_len, flags); } else { - ret = srvstr_pull( inbuf, dest, src, dest_len, src_len, flags); + ret = srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), dest, src, + dest_len, src_len, flags); } if (SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES) { @@ -391,10 +395,13 @@ *service_buf = *password = *dev = 0; p = smb_buf(inbuf)+1; - p += srvstr_pull_buf(inbuf, service_buf, p, sizeof(service_buf), STR_TERMINATE) + 1; - pwlen = srvstr_pull_buf(inbuf, password, p, sizeof(password), STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), service_buf, p, + sizeof(service_buf), STR_TERMINATE) + 1; + pwlen = srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), password, p, + sizeof(password), STR_TERMINATE) + 1; p += pwlen; - p += srvstr_pull_buf(inbuf, dev, p, sizeof(dev), STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), dev, p, sizeof(dev), + STR_TERMINATE) + 1; p = strrchr_m(service_buf,'\\'); if (p) { @@ -478,7 +485,8 @@ p = smb_buf(inbuf) + passlen + 1; } - p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), path, p, + sizeof(path), STR_TERMINATE); /* * the service name can be either: \\server\share @@ -495,7 +503,8 @@ else fstrcpy(service,path); - p += srvstr_pull(inbuf, client_devicetype, p, sizeof(client_devicetype), 6, STR_ASCII); + p += srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), client_devicetype, p, + sizeof(client_devicetype), 6, STR_ASCII); DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service)); Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c =================================================================== --- branches/SAMBA_3_0/source/smbd/sesssetup.c 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/smbd/sesssetup.c 2007-07-05 16:33:37 UTC (rev 23726) @@ -1057,9 +1057,12 @@ #endif p2 = inbuf + smb_vwv13 + data_blob_len; - p2 += srvstr_pull_buf(inbuf, native_os, p2, sizeof(native_os), STR_TERMINATE); - p2 += srvstr_pull_buf(inbuf, native_lanman, p2, sizeof(native_lanman), STR_TERMINATE); - p2 += srvstr_pull_buf(inbuf, primary_domain, p2, sizeof(primary_domain), STR_TERMINATE); + p2 += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), native_os, p2, + sizeof(native_os), STR_TERMINATE); + p2 += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), native_lanman, p2, + sizeof(native_lanman), STR_TERMINATE); + p2 += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), primary_domain, p2, + sizeof(primary_domain), STR_TERMINATE); DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s] PrimaryDomain=[%s]\n", native_os, native_lanman, primary_domain)); @@ -1283,7 +1286,9 @@ plaintext_password.data[passlen1] = 0; } - srvstr_pull_buf(inbuf, user, smb_buf(inbuf)+passlen1, sizeof(user), STR_TERMINATE); + srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), user, + smb_buf(inbuf)+passlen1, sizeof(user), + STR_TERMINATE); *domain = 0; } else { @@ -1363,21 +1368,28 @@ if (unic && (passlen2 == 0) && passlen1) { /* Only a ascii plaintext password was sent. */ - srvstr_pull(inbuf, pass, smb_buf(inbuf), sizeof(pass), - passlen1, STR_TERMINATE|STR_ASCII); + srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), pass, + smb_buf(inbuf), sizeof(pass), + passlen1, STR_TERMINATE|STR_ASCII); } else { - srvstr_pull(inbuf, pass, smb_buf(inbuf), - sizeof(pass), unic ? passlen2 : passlen1, - STR_TERMINATE); + srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), pass, + smb_buf(inbuf), sizeof(pass), + unic ? passlen2 : passlen1, + STR_TERMINATE); } plaintext_password = data_blob(pass, strlen(pass)+1); } p += passlen1 + passlen2; - p += srvstr_pull_buf(inbuf, user, p, sizeof(user), STR_TERMINATE); - p += srvstr_pull_buf(inbuf, domain, p, sizeof(domain), STR_TERMINATE); - p += srvstr_pull_buf(inbuf, native_os, p, sizeof(native_os), STR_TERMINATE); - p += srvstr_pull_buf(inbuf, native_lanman, p, sizeof(native_lanman), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), user, p, + sizeof(user), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), domain, p, + sizeof(domain), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), native_os, + p, sizeof(native_os), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), + native_lanman, p, sizeof(native_lanman), + STR_TERMINATE); /* not documented or decoded by Ethereal but there is one more string in the extra bytes which is the same as the PrimaryDomain when using @@ -1387,7 +1399,10 @@ byte_count = SVAL(inbuf, smb_vwv13); if ( PTR_DIFF(p, save_p) < byte_count) - p += srvstr_pull_buf(inbuf, primary_domain, p, sizeof(primary_domain), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), + primary_domain, p, + sizeof(primary_domain), + STR_TERMINATE); else fstrcpy( primary_domain, "null" ); Modified: branches/SAMBA_3_0/source/smbd/trans2.c =================================================================== --- branches/SAMBA_3_0/source/smbd/trans2.c 2007-07-05 16:27:47 UTC (rev 23725) +++ branches/SAMBA_3_0/source/smbd/trans2.c 2007-07-05 16:33:37 UTC (rev 23726) @@ -4530,7 +4530,8 @@ return NT_STATUS_ACCESS_DENIED; } - srvstr_pull(inbuf, link_target, pdata, sizeof(link_target), total_data, STR_TERMINATE); + srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), link_target, pdata, + sizeof(link_target), total_data, STR_TERMINATE); /* !widelinks forces the target path to be within the share. */ /* This means we can interpret the target as a pathname. */ @@ -6366,7 +6367,8 @@ if(!lp_host_msdfs()) return ERROR_DOS(ERRDOS,ERRbadfunc); - srvstr_pull(inbuf, pathname, ¶ms[2], sizeof(pathname), total_params - 2, STR_TERMINATE); + srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), pathname, ¶ms[2], + sizeof(pathname), total_params - 2, STR_TERMINATE); if((reply_size = setup_dfs_referral(conn, pathname,max_referral_level,ppdata,&status)) < 0) return ERROR_NT(status);
