s3:mdssvc: fix unmarshalling of empty CNID array

len=0 is invalid, len=8 is an empty array, len>8 is an array with members, so
for the len=8 case we must add the empty cnid array.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/selftest/knownfail.d/samba4.local.mdspkt b/selftest/knownfail.d/samba4.local.mdspkt
deleted file mode 100644 (file)
index fcfc083..0000000
--- a/selftest/knownfail.d/samba4.local.mdspkt
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.local.mdspkt.empty_cnid_fm\(none\)

diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c
index 8fa7f1732285192924e2d14bbcd075fdfe9977ec..1aa750413cda48e7189d3b79846a533769389b79 100644 (file)
--- a/source3/rpc_server/mdssvc/marshalling.c
+++ b/source3/rpc_server/mdssvc/marshalling.c
@@ -847,12 +847,17 @@ static int sl_unpack_CNID(DALLOC_CTX *query,
                return -1;
        }
 
-       if (length <= 16) {
+       if (length < 8) {
+               return -1;
+       }
+       if (length == 8) {
                /*
-                * That's permitted, iirc length = 16 is an empty
-                * array, so anything lesser then 16 should probably
-                * be treated as an error, but I'm not quite sure.
+                * That's permitted, length=8 is an empty CNID array.
                 */
+               result = dalloc_add(query, cnids, sl_cnids_t);
+               if (result != 0) {
+                       return -1;
+               }
                return 0;
        }