The branch, master has been updated
via ad2e243 Fix bug 8040 - smbclient segfaults when a Cyrillic netbios
name or workgroup is configured.
from 5779460 s3-netapi: fix memoryleak while not using talloc_tos() in
cli_get_session_key() usage.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ad2e243f8d196a448c2b307feb57a9141c200cd1
Author: Jeremy Allison <[email protected]>
Date: Fri Mar 25 14:37:29 2011 -0700
Fix bug 8040 - smbclient segfaults when a Cyrillic netbios name or
workgroup is configured.
As discovered by David Disseldorp <[email protected]>, convert_string_talloc()
doesn't always return consistent results for a zero length string. The
API states an incoming string must *always* contain the terminating null,
but unfotunately too much code expects passing in a zero source length
to return a null terminated string, so at least ensure we return a
correct null string in the required character set and return the
correct length.
Also ensure we cannot return a zero length for a converted string
(we ensure that the returned buffer is always allocated and zero
terminated anyway) as calling code depends on the fact that returning
true from this function will *always* return a non-zero length (as
it must include the terminating null).
Jeremy.
Autobuild-User: Jeremy Allison <[email protected]>
Autobuild-Date: Fri Mar 25 23:25:40 CET 2011 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/lib/charcnv.c | 25 +++++++++++++++++++++++--
1 files changed, 23 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index 0be86ef..f95442a 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -389,14 +389,24 @@ bool convert_string_talloc(TALLOC_CTX *ctx, charset_t
from, charset_t to,
errno = EINVAL;
return false;
}
+
if (srclen == 0) {
- ob = talloc_strdup(ctx, "");
+ /* We really should treat this as an error, but
+ there are too many callers that need this to
+ return a NULL terminated string in the correct
+ character set. */
+ if (to == CH_UTF16LE|| to == CH_UTF16BE || to ==
CH_UTF16MUNGED) {
+ destlen = 2;
+ } else {
+ destlen = 1;
+ }
+ ob = talloc_zero_array(ctx, char, destlen);
if (ob == NULL) {
errno = ENOMEM;
return false;
}
+ *converted_size = destlen;
*dest = ob;
- *converted_size = 0;
return true;
}
@@ -480,6 +490,17 @@ bool convert_string_talloc(TALLOC_CTX *ctx, charset_t
from, charset_t to,
ob[destlen] = '\0';
ob[destlen+1] = '\0';
+ /* Ensure we can never return a *converted_size of zero. */
+ if (destlen == 0) {
+ /* As we're now returning false on a bad smb_iconv call,
+ this should never happen. But be safe anyway. */
+ if (to == CH_UTF16LE|| to == CH_UTF16BE || to ==
CH_UTF16MUNGED) {
+ destlen = 2;
+ } else {
+ destlen = 1;
+ }
+ }
+
*converted_size = destlen;
return true;
}
--
Samba Shared Repository
