summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_pipe.c
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1998-10-02 18:14:38 +0000
committerLuke Leighton <lkcl@samba.org>1998-10-02 18:14:38 +0000
commitc43c53b886ec62b249ffebcd4e6656042e4753bc (patch)
tree67a1e5f8e90df4e1726c9f7b366c56b9f18027ac /source3/rpc_client/cli_pipe.c
parent495eedb14fb4f00c2dbfe4ee530e535b32236e77 (diff)
downloadsamba-c43c53b886ec62b249ffebcd4e6656042e4753bc.tar.gz
samba-c43c53b886ec62b249ffebcd4e6656042e4753bc.tar.bz2
samba-c43c53b886ec62b249ffebcd4e6656042e4753bc.zip
microsoft is slowly fixing some buffer overflow errors in dce/rpc code (SP4).
therefore, they are being more strict, first in the server-side code, and now in the client-side code. this fixes a bind-request that was too short by 16 bytes, and an rpc-request that was too long by 24 bytes. (This used to be commit a69ed7846a1e1403ea51d76d6962b97e8c768b29)
Diffstat (limited to 'source3/rpc_client/cli_pipe.c')
-rw-r--r--source3/rpc_client/cli_pipe.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 1689ae0e69..b178f38a58 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -324,7 +324,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
/* create the request RPC_HDR */
make_rpc_hdr(&hdr, RPC_BIND, 0x0, get_rpc_call_id(),
- rhdr_rb->offset, auth_req != NULL ? auth_req->offset : 0);
+ rhdr_rb->offset + 0x10, auth_req != NULL ? auth_req->offset : 0);
smb_io_rpc_hdr("hdr" , &hdr , rhdr, 0);
mem_realloc_data(rhdr->data, rhdr->offset);
@@ -380,7 +380,7 @@ static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len)
/* create the rpc header RPC_HDR */
make_rpc_hdr(&hdr , RPC_REQUEST, RPC_FLG_FIRST | RPC_FLG_LAST,
- get_rpc_call_id(), data_len + 0x18, 0);
+ get_rpc_call_id(), data_len, 0);
/* create the rpc request RPC_HDR_REQ */
make_rpc_hdr_req(&hdr_req, data_len, op_num);