author | Günther Deschner <gd@samba.org> | 2009-10-21 02:17:32 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-10-21 03:13:59 +0200 |
commit | 209a65bc6f783055f3f6a8cea3fb36587d346511 (patch) | |
tree | df8e0338282f9a6272dea5618ce3311fc35c409c | |
parent | 48520b2274638bde88b08361197c1056936bcba0 (diff) | |
s3-lsa: Fix _lsa_EnumTrustDom() and avoid infinite Windows client loop.
Found by RPC-LSA-TRUSTED-DOMAIN torture test.
Guenther
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 23ea045b88..a9a4fa5b25 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -477,6 +477,15 @@ NTSTATUS _lsa_EnumTrustDom(pipes_struct *p, return STATUS_MORE_ENTRIES; } + /* according to MS-LSAD 3.1.4.7.8 output resume handle MUST + * always be larger than the previous input resume handle, in + * particular when hitting the last query it is vital to set the + * resume handle correctly to avoid infinite client loops, as + * seen e.g. with Windows XP SP3 when resume handle is 0 and + * status is NT_STATUS_OK - gd */ + + *r->out.resume_handle = (uint32_t)-1; + return NT_STATUS_OK; } |
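Review bot: The sentinel `(uint32_t)-1` assigned before `return NT_STATUS_OK;` is not explained by the new comment, which says why the output handle must advance but not why the maximum value is chosen or what the server does when a client sends that value back. I would add a sentence such as `0xffffffff marks the enumeration as finished; a follow-up call with it must end in NT_STATUS_NO_MORE_ENTRIES`, and spell the constant `UINT32_MAX` if `<stdint.h>` limits are already in scope in this file. The earlier return paths of _lsa_EnumTrustDom start outside this hunk, so whether an input handle of 0xffffffff is actually rejected there cannot be seen here and is worth confirming. A client that keeps re-issuing the call is also sustained load on the server, so the "handle always increases" invariant deserves an assertion or a test for every exit path, not only this one.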