diff options
author | Luke Leighton <lkcl@samba.org> | 1998-10-02 18:14:38 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-10-02 18:14:38 +0000 |
commit | c43c53b886ec62b249ffebcd4e6656042e4753bc (patch) | |
tree | 67a1e5f8e90df4e1726c9f7b366c56b9f18027ac /source3/rpc_client | |
parent | 495eedb14fb4f00c2dbfe4ee530e535b32236e77 (diff) | |
download | samba-c43c53b886ec62b249ffebcd4e6656042e4753bc.tar.gz samba-c43c53b886ec62b249ffebcd4e6656042e4753bc.tar.bz2 samba-c43c53b886ec62b249ffebcd4e6656042e4753bc.zip |
microsoft is slowly fixing some buffer overflow errors in dce/rpc code (SP4).
therefore, they are being more strict, first in the server-side code, and
now in the client-side code.
this fixes a bind-request that was too short by 16 bytes, and an rpc-request
that was too long by 24 bytes.
(This used to be commit a69ed7846a1e1403ea51d76d6962b97e8c768b29)
Diffstat (limited to 'source3/rpc_client')
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 1689ae0e69..b178f38a58 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -324,7 +324,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr, /* create the request RPC_HDR */ make_rpc_hdr(&hdr, RPC_BIND, 0x0, get_rpc_call_id(), - rhdr_rb->offset, auth_req != NULL ? auth_req->offset : 0); + rhdr_rb->offset + 0x10, auth_req != NULL ? auth_req->offset : 0); smb_io_rpc_hdr("hdr" , &hdr , rhdr, 0); mem_realloc_data(rhdr->data, rhdr->offset); @@ -380,7 +380,7 @@ static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len) /* create the rpc header RPC_HDR */ make_rpc_hdr(&hdr , RPC_REQUEST, RPC_FLG_FIRST | RPC_FLG_LAST, - get_rpc_call_id(), data_len + 0x18, 0); + get_rpc_call_id(), data_len, 0); /* create the rpc request RPC_HDR_REQ */ make_rpc_hdr_req(&hdr_req, data_len, op_num); |