diff options
| author | Jeremy Allison <jra@samba.org> | 2010-02-18 15:03:30 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2010-02-18 15:03:30 -0800 |
| commit | 11a87cd31eedaf4e43864bf51ac1f53bca53e327 (patch) | |
| tree | 71dc3c98d1be0f4e6bb950e2fb7e023cedb94b7e /source3 | |
| parent | 2eb83f29648c7647cff4ac6eb38830ae35fcbcb5 (diff) | |
| download | samba-11a87cd31eedaf4e43864bf51ac1f53bca53e327.tar.gz samba-11a87cd31eedaf4e43864bf51ac1f53bca53e327.tar.bz2 samba-11a87cd31eedaf4e43864bf51ac1f53bca53e327.zip | |
More fixes for bug #7146 - Samba miss-parses authenticated RPC packets.
Ensure we calculate the space correctly (including the ss_padding_len)
when constructing reply packets.
Jeremy.
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 6b08f1f9b3..1c10525659 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -108,8 +108,15 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) return False; } - data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN - - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - NTLMSSP_SIG_SIZE; + if (data_len_left % SERVER_NDR_PADDING_SIZE) { + ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE); + DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of %u\n", + ss_padding_len )); + } + + data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN - + RPC_HDR_RESP_LEN - ss_padding_len - RPC_HDR_AUTH_LEN - + NTLMSSP_SIG_SIZE; /* * The amount we send is the minimum of the available @@ -133,12 +140,6 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) p->hdr.flags |= DCERPC_PFC_FLAG_LAST; } - if (data_len_left % SERVER_NDR_PADDING_SIZE) { - ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE); - DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of %u\n", - ss_padding_len )); - } - /* * Set up the header lengths. */ @@ -328,8 +329,14 @@ static bool create_next_pdu_schannel(pipes_struct *p) return False; } + if (data_len_left % SERVER_NDR_PADDING_SIZE) { + ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE); + DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding of %u\n", + ss_padding_len )); + } + data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN - - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN + - RPC_HDR_RESP_LEN - ss_padding_len - RPC_HDR_AUTH_LEN - RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN; /* @@ -353,11 +360,6 @@ static bool create_next_pdu_schannel(pipes_struct *p) if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) { p->hdr.flags |= DCERPC_PFC_FLAG_LAST; } - if (data_len_left % SERVER_NDR_PADDING_SIZE) { - ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE); - DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding of %u\n", - ss_padding_len )); - } p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len + ss_padding_len + RPC_HDR_AUTH_LEN + RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN; |