Hi. To check that this is indeed samba bug 10716, I'm currently building
a modified package with this patch applied, which is just a merge of
upstream commits:
9380478a0b292bcb0c11987a88803a37a064d618
and
dfe8dd87e15bec453c7d3a80c4c707d3f2c7b597
diff --git a/samba-4.1.11+dfsg/lib/util/charset/util_str.c b/samba-4.1.11+dfsg/lib/util/charset/util_str.c
index 688ab5a..f62c999 100644
--- a/lib/util/charset/util_str.c
+++ b/lib/util/charset/util_str.c
@@ -56,7 +56,17 @@ _PUBLIC_ int strcasecmp_m_handle(struct smb_iconv_handle *iconv_handle,
if (c1 == INVALID_CODEPOINT ||
c2 == INVALID_CODEPOINT) {
- /* what else can we do?? */
+ /*
+ * Fall back to byte
+ * comparison. We must
+ * step back by the codepoint
+ * length we just incremented
+ * - otherwise we are not
+ * checking the bytes that
+ * failed the conversion.
+ */
+ s1 -= size1;
+ s2 -= size2;
return strcasecmp(s1, s2);
}
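Review bot: The step-back `s1 -= size1; s2 -= size2;` is only correct if both pointers were advanced by exactly those sizes earlier in the same loop iteration, and that advance is outside this hunk, so the invariant cannot be checked here. If the increment is ever moved below this check, the subtraction would point before the bytes that were just decoded; on the first character that is before the start of the string. I would state the dependency in the comment, e.g. `* s1/s2 were already advanced by size1/size2 above; undo that so the byte compare starts at the bytes that failed conversion.`, and change the wording to "incremented by", as in the strncasecmp_m_handle hunk. The loop of strcasecmp_m_handle starts and ends outside the hunk.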
@@ -106,8 +116,33 @@ _PUBLIC_ int strncasecmp_m_handle(struct smb_iconv_handle *iconv_handle,
if (c1 == INVALID_CODEPOINT ||
c2 == INVALID_CODEPOINT) {
- /* what else can we do?? */
- return strcasecmp(s1, s2);
+ /*
+ * Fall back to byte
+ * comparison. We must
+ * step back by the codepoint
+ * length we just incremented
+ * by - otherwise we are not
+ * checking the bytes that
+ * failed the conversion.
+ */
+ s1 -= size1;
+ s2 -= size2;
+ /*
+ * n was specified in characters,
+ * now we must convert it to bytes.
+ * As bytes are the smallest
+ * character unit, the following
+ * increment and strncasecmp is always
+ * safe.
+ *
+ * The source string was already known
+ * to be n characters long, so we are
+ * guaranteed to be able to look at the
+ * (n remaining + size1) bytes from the
+ * new (s1 - size1) position).
+ */
+ n += size1;
+ return strncasecmp(s1, s2, n);
}
if (toupper_m(c1) != toupper_m(c2)) {
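Review bot: The new comment argues that `n += size1` is safe to read, but not that the result still honours the caller's limit of n characters. After the switch to bytes, `strncasecmp(s1, s2, n)` compares at most (remaining characters + size1) bytes, so if valid multi-byte characters follow the invalid sequence the comparison can stop early and report equality for strings that differ within the requested n characters. If this result feeds a name-match decision, that false "equal" is worth documenting; I would add a line such as `* Note: this may cover fewer than n characters when later characters are multi-byte.` Only size1 is added although s2 is stepped back by size2, so the bound on the s2 side appears to rest on both strings being NUL-terminated rather than on the length argument, which should be confirmed against the callers. The loop and the decrement of n are outside the hunk, so the value of n at this point is inferred.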