/**
pull a UCS2 string from a request packet, returning a talloced unix string
the string length is limited by the 3 things:
- the data size in the request (end of packet)
- the passed 'byte_len' if it is not -1
- the end of string (null termination)
Note that 'byte_len' is the number of bytes in the packet
on failure zero is returned and *dest is set to NULL, otherwise the number
of bytes consumed in the packet is returned
*/
static size_t req_pull_ucs2(struct request_bufinfo *bufinfo, const char **dest, const uint8_t *src, int byte_len, unsigned int flags)
{
int src_len, src_len2, alignment=0;
bool ret;
char *dest2;
size_t converted_size = 0;
if (!(flags & STR_NOALIGN) && ucs2_align(bufinfo->align_base, src, flags)) {
src++;
alignment=1;
if (byte_len != -1) {
byte_len--;
}
}
if (flags & STR_NO_RANGE_CHECK) {
src_len = byte_len;
} else {
src_len = bufinfo->data_size - PTR_DIFF(src, bufinfo->data);
if (byte_len != -1 && src_len > byte_len) {
src_len = byte_len;
}
}
if (src_len < 0) {
*dest = NULL;
return 0;
}
src_len2 = utf16_len_n(src, src_len);
if (src_len2 == 0) {
*dest = talloc_strdup(bufinfo->mem_ctx, "");
return src_len2 + alignment;
}
ret = convert_string_talloc(bufinfo->mem_ctx, CH_UTF16, CH_UNIX, src, src_len2, (void **)&dest2, &converted_size);
if (!ret) {
*dest = NULL;
return 0;
}
*dest = dest2;
return src_len2 + alignment;
}
/**
pull a UCS2 string from a blob, returning a talloced unix string
the string length is limited by the 3 things:
- the data size in the blob
- the passed 'byte_len' if it is not -1
- the end of string (null termination)
Note that 'byte_len' is the number of bytes in the packet
on failure zero is returned and *dest is set to NULL, otherwise the number
of bytes consumed in the blob is returned
*/
size_t smbcli_blob_pull_ucs2(TALLOC_CTX* mem_ctx,
const DATA_BLOB *blob, const char **dest,
const uint8_t *src, int byte_len, unsigned int flags)
{
int src_len, src_len2, alignment=0;
size_t ret_size;
bool ret;
char *dest2;
if (src < blob->data ||
src >= (blob->data + blob->length)) {
*dest = NULL;
return 0;
}
src_len = blob->length - PTR_DIFF(src, blob->data);
if (byte_len != -1 && src_len > byte_len) {
src_len = byte_len;
}
if (!(flags & STR_NOALIGN) && ucs2_align(blob->data, src, flags)) {
src++;
alignment=1;
src_len--;
}
if (src_len < 2) {
*dest = NULL;
return 0;
}
src_len2 = utf16_len_n(src, src_len);
ret = convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, src, src_len2, (void **)&dest2, &ret_size);
if (!ret) {
*dest = NULL;
return 0;
}
*dest = dest2;
return src_len2 + alignment;
}
/*
pull a UCS2 string from a request packet, returning a talloced unix string
the string length is limited by the 3 things:
- the data size in the request (end of packet)
- the passed 'byte_len' if it is not -1
- the end of string (null termination)
Note that 'byte_len' is the number of bytes in the packet
on failure zero is returned and *dest is set to NULL, otherwise the number
of bytes consumed in the packet is returned
*/
static size_t smbcli_req_pull_ucs2(struct request_bufinfo *bufinfo, TALLOC_CTX *mem_ctx,
char **dest, const uint8_t *src, int byte_len, unsigned int flags)
{
int src_len, src_len2, alignment=0;
bool ret;
size_t ret_size;
if (!(flags & STR_NOALIGN) && ucs2_align(bufinfo->align_base, src, flags)) {
src++;
alignment=1;
if (byte_len != -1) {
byte_len--;
}
}
src_len = bufinfo->data_size - PTR_DIFF(src, bufinfo->data);
if (src_len < 0) {
*dest = NULL;
return 0;
}
if (byte_len != -1 && src_len > byte_len) {
src_len = byte_len;
}
src_len2 = utf16_len_n(src, src_len);
/* ucs2 strings must be at least 2 bytes long */
if (src_len2 < 2) {
*dest = NULL;
return 0;
}
ret = convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, src, src_len2, (void **)dest, &ret_size);
if (!ret) {
*dest = NULL;
return 0;
}
return src_len2 + alignment;
}
/**
pull a general string from the wire
*/
NTSTATUS ndr_pull_string(struct ndr_pull *ndr, int ndr_flags, const char **s)
{
char *as=NULL;
uint32_t len1, ofs, len2;
uint16_t len3;
int ret;
charset_t chset = CH_UTF16LE;
unsigned byte_mul = 2;
unsigned flags = ndr->flags;
unsigned c_len_term = 0;
if (!(ndr_flags & NDR_SCALARS)) {
return NT_STATUS_OK;
}
if (NDR_BE(ndr)) {
chset = CH_UTF16BE;
}
if (flags & LIBNDR_FLAG_STR_ASCII) {
chset = CH_DOS;
byte_mul = 1;
flags &= ~LIBNDR_FLAG_STR_ASCII;
}
if (flags & LIBNDR_FLAG_STR_UTF8) {
chset = CH_UTF8;
byte_mul = 1;
flags &= ~LIBNDR_FLAG_STR_UTF8;
}
flags &= ~LIBNDR_FLAG_STR_CONFORMANT;
if (flags & LIBNDR_FLAG_STR_CHARLEN) {
c_len_term = 1;
flags &= ~LIBNDR_FLAG_STR_CHARLEN;
}
switch (flags & LIBNDR_STRING_FLAGS) {
case LIBNDR_FLAG_STR_LEN4|LIBNDR_FLAG_STR_SIZE4:
case LIBNDR_FLAG_STR_LEN4|LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_NOTERM:
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &len1));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &ofs));
if (ofs != 0) {
return ndr_pull_error(ndr, NDR_ERR_STRING, "non-zero array offset with string flags 0x%x\n",
ndr->flags & LIBNDR_STRING_FLAGS);
}
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &len2));
if (len2 > len1) {
return ndr_pull_error(ndr, NDR_ERR_STRING,
"Bad string lengths len1=%u ofs=%u len2=%u\n",
len1, ofs, len2);
}
NDR_PULL_NEED_BYTES(ndr, (len2 + c_len_term)*byte_mul);
if (len2 == 0) {
as = talloc_strdup(ndr->current_mem_ctx, "");
} else {
ret = convert_string_talloc(ndr->current_mem_ctx,
chset, CH_UNIX,
ndr->data+ndr->offset,
(len2 + c_len_term)*byte_mul,
&as, True);
if (ret == -1) {
return ndr_pull_error(ndr, NDR_ERR_CHARCNV,
"Bad character conversion");
}
}
NDR_CHECK(ndr_pull_advance(ndr, (len2 + c_len_term)*byte_mul));
if (len1 != len2) {
DEBUG(6,("len1[%u] != len2[%u] '%s'\n", len1, len2, as));
}
/* this is a way of detecting if a string is sent with the wrong
termination */
if (ndr->flags & LIBNDR_FLAG_STR_NOTERM) {
if (strlen(as) < (len2 + c_len_term)) {
DEBUG(6,("short string '%s'\n", as));
}
} else {
if (strlen(as) == (len2 + c_len_term)) {
DEBUG(6,("long string '%s'\n", as));
}
}
*s = as;
break;
case LIBNDR_FLAG_STR_SIZE4:
case LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_NOTERM:
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &len1));
NDR_PULL_NEED_BYTES(ndr, (len1 + c_len_term)*byte_mul);
if (len1 == 0) {
as = talloc_strdup(ndr->current_mem_ctx, "");
} else {
ret = convert_string_talloc(ndr->current_mem_ctx,
chset, CH_UNIX,
ndr->data+ndr->offset,
(len1 + c_len_term)*byte_mul,
&as, False);
if (ret == -1) {
return ndr_pull_error(ndr, NDR_ERR_CHARCNV,
"Bad character conversion");
}
}
NDR_CHECK(ndr_pull_advance(ndr, (len1 + c_len_term)*byte_mul));
/* this is a way of detecting if a string is sent with the wrong
termination */
if (ndr->flags & LIBNDR_FLAG_STR_NOTERM) {
if (strlen(as) < (len1 + c_len_term)) {
DEBUG(6,("short string '%s'\n", as));
}
} else {
if (strlen(as) == (len1 + c_len_term)) {
DEBUG(6,("long string '%s'\n", as));
}
}
*s = as;
break;
case LIBNDR_FLAG_STR_LEN4:
case LIBNDR_FLAG_STR_LEN4|LIBNDR_FLAG_STR_NOTERM:
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &ofs));
if (ofs != 0) {
return ndr_pull_error(ndr, NDR_ERR_STRING, "non-zero array offset with string flags 0x%x\n",
ndr->flags & LIBNDR_STRING_FLAGS);
}
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &len1));
NDR_PULL_NEED_BYTES(ndr, (len1 + c_len_term)*byte_mul);
if (len1 == 0) {
as = talloc_strdup(ndr->current_mem_ctx, "");
} else {
ret = convert_string_talloc(ndr->current_mem_ctx,
chset, CH_UNIX,
ndr->data+ndr->offset,
(len1 + c_len_term)*byte_mul,
&as, False);
if (ret == -1) {
return ndr_pull_error(ndr, NDR_ERR_CHARCNV,
"Bad character conversion");
}
}
NDR_CHECK(ndr_pull_advance(ndr, (len1 + c_len_term)*byte_mul));
/* this is a way of detecting if a string is sent with the wrong
termination */
if (ndr->flags & LIBNDR_FLAG_STR_NOTERM) {
if (strlen(as) < (len1 + c_len_term)) {
DEBUG(6,("short string '%s'\n", as));
}
} else {
if (strlen(as) == (len1 + c_len_term)) {
DEBUG(6,("long string '%s'\n", as));
}
}
*s = as;
break;
case LIBNDR_FLAG_STR_SIZE2:
case LIBNDR_FLAG_STR_SIZE2|LIBNDR_FLAG_STR_NOTERM:
NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &len3));
NDR_PULL_NEED_BYTES(ndr, (len3 + c_len_term)*byte_mul);
if (len3 == 0) {
as = talloc_strdup(ndr->current_mem_ctx, "");
} else {
ret = convert_string_talloc(ndr->current_mem_ctx,
chset, CH_UNIX,
ndr->data+ndr->offset,
(len3 + c_len_term)*byte_mul,
&as, False);
if (ret == -1) {
return ndr_pull_error(ndr, NDR_ERR_CHARCNV,
"Bad character conversion");
}
}
NDR_CHECK(ndr_pull_advance(ndr, (len3 + c_len_term)*byte_mul));
/* this is a way of detecting if a string is sent with the wrong
termination */
if (ndr->flags & LIBNDR_FLAG_STR_NOTERM) {
if (strlen(as) < (len3 + c_len_term)) {
DEBUG(6,("short string '%s'\n", as));
}
} else {
if (strlen(as) == (len3 + c_len_term)) {
DEBUG(6,("long string '%s'\n", as));
}
}
*s = as;
break;
case LIBNDR_FLAG_STR_SIZE2|LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_STR_BYTESIZE:
NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &len3));
NDR_PULL_NEED_BYTES(ndr, len3);
if (len3 == 0) {
as = talloc_strdup(ndr->current_mem_ctx, "");
} else {
ret = convert_string_talloc(ndr->current_mem_ctx,
chset, CH_UNIX,
ndr->data+ndr->offset,
len3, &as, False);
if (ret == -1) {
return ndr_pull_error(ndr, NDR_ERR_CHARCNV,
"Bad character conversion");
}
}
NDR_CHECK(ndr_pull_advance(ndr, len3));
*s = as;
break;
case LIBNDR_FLAG_STR_NULLTERM:
if (byte_mul == 1) {
len1 = ascii_len_n((const char *)(ndr->data+ndr->offset), ndr->data_size - ndr->offset);
} else {
len1 = utf16_len_n(ndr->data+ndr->offset, ndr->data_size - ndr->offset);
}
ret = convert_string_talloc(ndr->current_mem_ctx,
chset, CH_UNIX,
ndr->data+ndr->offset,
len1, &as, False);
if (ret == -1) {
return ndr_pull_error(ndr, NDR_ERR_CHARCNV,
"Bad character conversion");
}
NDR_CHECK(ndr_pull_advance(ndr, len1));
*s = as;
break;
case LIBNDR_FLAG_STR_FIXLEN15:
case LIBNDR_FLAG_STR_FIXLEN32:
len1 = (flags & LIBNDR_FLAG_STR_FIXLEN32)?32:15;
NDR_PULL_NEED_BYTES(ndr, len1*byte_mul);
ret = convert_string_talloc(ndr->current_mem_ctx,
chset, CH_UNIX,
ndr->data+ndr->offset,
len1*byte_mul, &as, False);
if (ret == -1) {
return ndr_pull_error(ndr, NDR_ERR_CHARCNV,
"Bad character conversion");
}
NDR_CHECK(ndr_pull_advance(ndr, len1*byte_mul));
*s = as;
break;
default:
return ndr_pull_error(ndr, NDR_ERR_STRING, "Bad string flags 0x%x\n",
ndr->flags & LIBNDR_STRING_FLAGS);
}
return NT_STATUS_OK;
}
