summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-02-18 15:03:30 -0800
committerJeremy Allison <jra@samba.org>2010-02-18 15:03:30 -0800
commit11a87cd31eedaf4e43864bf51ac1f53bca53e327 (patch)
tree71dc3c98d1be0f4e6bb950e2fb7e023cedb94b7e /source3
parent2eb83f29648c7647cff4ac6eb38830ae35fcbcb5 (diff)
downloadsamba-11a87cd31eedaf4e43864bf51ac1f53bca53e327.tar.gz
samba-11a87cd31eedaf4e43864bf51ac1f53bca53e327.tar.bz2
samba-11a87cd31eedaf4e43864bf51ac1f53bca53e327.zip
More fixes for bug #7146 - Samba miss-parses authenticated RPC packets.
Ensure we calculate the space correctly (including the ss_padding_len) when constructing reply packets. Jeremy.
Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_server/srv_pipe.c30
1 files changed, 16 insertions, 14 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 6b08f1f9b3..1c10525659 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -108,8 +108,15 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
return False;
}
- data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN
- - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - NTLMSSP_SIG_SIZE;
+ if (data_len_left % SERVER_NDR_PADDING_SIZE) {
+ ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE);
+ DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of %u\n",
+ ss_padding_len ));
+ }
+
+ data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN -
+ RPC_HDR_RESP_LEN - ss_padding_len - RPC_HDR_AUTH_LEN -
+ NTLMSSP_SIG_SIZE;
/*
* The amount we send is the minimum of the available
@@ -133,12 +140,6 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
p->hdr.flags |= DCERPC_PFC_FLAG_LAST;
}
- if (data_len_left % SERVER_NDR_PADDING_SIZE) {
- ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE);
- DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of %u\n",
- ss_padding_len ));
- }
-
/*
* Set up the header lengths.
*/
@@ -328,8 +329,14 @@ static bool create_next_pdu_schannel(pipes_struct *p)
return False;
}
+ if (data_len_left % SERVER_NDR_PADDING_SIZE) {
+ ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE);
+ DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding of %u\n",
+ ss_padding_len ));
+ }
+
data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN
- - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN
+ - RPC_HDR_RESP_LEN - ss_padding_len - RPC_HDR_AUTH_LEN
- RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN;
/*
@@ -353,11 +360,6 @@ static bool create_next_pdu_schannel(pipes_struct *p)
if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) {
p->hdr.flags |= DCERPC_PFC_FLAG_LAST;
}
- if (data_len_left % SERVER_NDR_PADDING_SIZE) {
- ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE);
- DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding of %u\n",
- ss_padding_len ));
- }
p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len + ss_padding_len +
RPC_HDR_AUTH_LEN + RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN;