authorGünther Deschner <gd@samba.org>2009-10-21 02:17:32 +0200
committerGünther Deschner <gd@samba.org>2009-10-21 03:13:59 +0200
commit209a65bc6f783055f3f6a8cea3fb36587d346511 (patch)
treedf8e0338282f9a6272dea5618ce3311fc35c409c
parent48520b2274638bde88b08361197c1056936bcba0 (diff)
s3-lsa: Fix _lsa_EnumTrustDom() and avoid infinite windows client loop.
Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther
-rw-r--r--source3/rpc_server/srv_lsa_nt.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 23ea045b88..a9a4fa5b25 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -477,6 +477,15 @@ NTSTATUS _lsa_EnumTrustDom(pipes_struct *p,
return STATUS_MORE_ENTRIES;
}
+ /* according to MS-LSAD 3.1.4.7.8 output resume handle MUST
+ * always be larger than the previous input resume handle, in
+ * particular when hitting the last query it is vital to set the
+ * resume handle correctly to avoid infinite client loops, as
+ * seen e.g. with Windows XP SP3 when resume handle is 0 and
+ * status is NT_STATUS_OK - gd */
+
+ *r->out.resume_handle = (uint32_t)-1;
+
return NT_STATUS_OK;
}
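Review bot: The terminal value written by `*r->out.resume_handle = (uint32_t)-1;` is handed to the client, which can send it back as the input resume handle on a later call, and nothing visible in this hunk shows how that input is bounded. The start of _lsa_EnumTrustDom() lies outside the hunk, so it is worth confirming that the function compares the input handle against the number of trusted domains and returns NT_STATUS_NO_MORE_ENTRIES before any subtraction or array indexing uses it; otherwise 0xFFFFFFFF (or any other oversized client-chosen value) would wrap the unsigned arithmetic. I would record that dependency in the new comment, e.g. `/* 0xFFFFFFFF is an end-of-enumeration sentinel; a follow-up call carrying it must be rejected by the range check at the top of this function */`, and spell the constant as `UINT32_MAX` so the intent is readable without the cast.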