microsoft is slowly fixing some buffer overflow errors in dce/rpc code (SP4).

therefore, they are being more strict, first in the server-side code, and
now in the client-side code.

this fixes a bind-request that was too short by 16 bytes, and an rpc-request
that was too long by 24 bytes.
(This used to be commit a69ed7846a1e1403ea51d76d6962b97e8c768b29)

1 files changed, 2 insertions, 2 deletions

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 1689ae0e69..b178f38a58 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -324,7 +324,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
 
   /* create the request RPC_HDR */
   make_rpc_hdr(&hdr, RPC_BIND, 0x0, get_rpc_call_id(),
-               rhdr_rb->offset, auth_req != NULL ? auth_req->offset : 0);
+               rhdr_rb->offset + 0x10, auth_req != NULL ? auth_req->offset : 0);
 
   smb_io_rpc_hdr("hdr"   , &hdr   , rhdr, 0);
   mem_realloc_data(rhdr->data, rhdr->offset);
@@ -380,7 +380,7 @@ static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len)
 
   /* create the rpc header RPC_HDR */
   make_rpc_hdr(&hdr   , RPC_REQUEST, RPC_FLG_FIRST | RPC_FLG_LAST,
-               get_rpc_call_id(), data_len + 0x18, 0);
+               get_rpc_call_id(), data_len, 0);
 
   /* create the rpc request RPC_HDR_REQ */
   make_rpc_hdr_req(&hdr_req, data_len, op_num);