| commit | 6c3a617a06f80b3144e756b4b70ea03a0bb1d666 | |
| author | Jeremy Allison <jra@samba.org> | |
| Sat, 30 Jan 2010 00:41:53 +0000 (29 16:41 -0800) | ||
| committer | Fernando J V da Silva <fernandojvsilva@yahoo.com.br> | |
| Thu, 4 Feb 2010 19:09:52 +0000 (4 17:09 -0200) | ||
| tree | cc7fc1df0766467fefaea72455b74f2db3cb9f88 | treesnapshot (tar.gz zip) |
| parent | 1b0357d999ca9e1c0dbe0ab203d00ce831b7fcfa | commitdiff |
Fix a really interesting problem found by Volker's conversion of sessionsetup SPNEGO to asynchronous code.
Normally clistr_push_fn() can depend upon cli->outbuf being
initialized by negprot and sessionsetup packets, and cli->outbuf[smb_flgs2] being
correctly set with FLAGS2_UNICODE_STRINGS when cli_setup_packet() is called. When
all the sessionsetups are async, then cli_setup_packet() is never called, the async
code uses cli_setup_packet_buf() - which initializes the allocated async buffer,
not the cli->outbuf one. So the first time clistr_push_fn() is called is from
libsmb/clidfs.c:cli_dfs_get_referral(), just after the connection and tconX.
In this case cli->outbuf has never been initialized, and cli->outbuf[smb_flgs2] = 0
so the DFS query pushes ASCII on the wire, which is not what we want :-).
Remove the dependency on cli->outbuf[smb_flgs2] in clistr_push_fn(), and
fake up a SVAL(cli->outbuf, smb_flg2) value using cli_ucs2(cli) function
instead, which has been initialized. We only care about the FLAGS2_UNICODE_STRINGS
bit anyway.
I don't think this is an issue for 3.5.0 as the sessionsetup is still
synchronous there, but Volker PLEASE CHECK !
Jeremy.
Normally clistr_push_fn() can depend upon cli->outbuf being
initialized by negprot and sessionsetup packets, and cli->outbuf[smb_flgs2] being
correctly set with FLAGS2_UNICODE_STRINGS when cli_setup_packet() is called. When
all the sessionsetups are async, then cli_setup_packet() is never called, the async
code uses cli_setup_packet_buf() - which initializes the allocated async buffer,
not the cli->outbuf one. So the first time clistr_push_fn() is called is from
libsmb/clidfs.c:cli_dfs_get_referral(), just after the connection and tconX.
In this case cli->outbuf has never been initialized, and cli->outbuf[smb_flgs2] = 0
so the DFS query pushes ASCII on the wire, which is not what we want :-).
Remove the dependency on cli->outbuf[smb_flgs2] in clistr_push_fn(), and
fake up a SVAL(cli->outbuf, smb_flg2) value using cli_ucs2(cli) function
instead, which has been initialized. We only care about the FLAGS2_UNICODE_STRINGS
bit anyway.
I don't think this is an issue for 3.5.0 as the sessionsetup is still
synchronous there, but Volker PLEASE CHECK !
Jeremy.
| source3/libsmb/clistr.c | diffblobblamehistory |