The branch, master has been updated
via 11a87cd... More fixes for bug #7146 - Samba miss-parses
authenticated RPC packets.
from 2eb83f2... s4-smbtorture: add LOCAL-NSS-WRAPPER-DUPLICATES test.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 11a87cd31eedaf4e43864bf51ac1f53bca53e327
Author: Jeremy Allison <[email protected]>
Date: Thu Feb 18 15:03:30 2010 -0800
More fixes for bug #7146 - Samba miss-parses authenticated RPC packets.
Ensure we calculate the space correctly (including the ss_padding_len)
when constructing reply packets.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/srv_pipe.c | 30 ++++++++++++++++--------------
1 files changed, 16 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 6b08f1f..1c10525 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -108,8 +108,15 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
return False;
}
- data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN
- - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - NTLMSSP_SIG_SIZE;
+ if (data_len_left % SERVER_NDR_PADDING_SIZE) {
+ ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left %
SERVER_NDR_PADDING_SIZE);
+ DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of
%u\n",
+ ss_padding_len ));
+ }
+
+ data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN -
+ RPC_HDR_RESP_LEN - ss_padding_len - RPC_HDR_AUTH_LEN -
+ NTLMSSP_SIG_SIZE;
/*
* The amount we send is the minimum of the available
@@ -133,12 +140,6 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
p->hdr.flags |= DCERPC_PFC_FLAG_LAST;
}
- if (data_len_left % SERVER_NDR_PADDING_SIZE) {
- ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left %
SERVER_NDR_PADDING_SIZE);
- DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of
%u\n",
- ss_padding_len ));
- }
-
/*
* Set up the header lengths.
*/
@@ -328,8 +329,14 @@ static bool create_next_pdu_schannel(pipes_struct *p)
return False;
}
+ if (data_len_left % SERVER_NDR_PADDING_SIZE) {
+ ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left %
SERVER_NDR_PADDING_SIZE);
+ DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding
of %u\n",
+ ss_padding_len ));
+ }
+
data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN
- - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN
+ - RPC_HDR_RESP_LEN - ss_padding_len - RPC_HDR_AUTH_LEN
- RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN;
/*
@@ -353,11 +360,6 @@ static bool create_next_pdu_schannel(pipes_struct *p)
if(p->out_data.data_sent_length + data_len >=
prs_offset(&p->out_data.rdata)) {
p->hdr.flags |= DCERPC_PFC_FLAG_LAST;
}
- if (data_len_left % SERVER_NDR_PADDING_SIZE) {
- ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left %
SERVER_NDR_PADDING_SIZE);
- DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding
of %u\n",
- ss_padding_len ));
- }
p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len +
ss_padding_len +
RPC_HDR_AUTH_LEN +
RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN;
--
Samba Shared Repository
