r19502: fixed the RPC-SECRETS test with kerberos. Andrew, can you look at this

as well? The server side change is needed to fix a valgrind error, which was possibly exploitable if the client sent deliberately bad data (This used to be commit e3c04cf165fe15739197b2713e78046399aa7653)
author: Andrew Tridgell <tridge@samba.org> 2006-10-28 04:17:43 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 14:24:40 -0500
commit: bb435cbd0313ec0ec6889181223929578603d73d (patch)
tree: 9391ad673efd745e208f96537688eccfa05ddb8e /source4/rpc_server
parent: b4a5794e0983d41beec38ddc8430e04833af5915 (diff)
download: samba-bb435cbd0313ec0ec6889181223929578603d73d.tar.gz
samba-bb435cbd0313ec0ec6889181223929578603d73d.tar.bz2
samba-bb435cbd0313ec0ec6889181223929578603d73d.zip
1 files changed, 6 insertions, 17 deletions
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index e6e9bb7fc5..b73143ce34 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -470,19 +470,14 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
 					    &creds2);
 
 		if (NT_STATUS_IS_OK(status)) {
-			status = data_blob_realloc(call, blob,
-						   blob->length - dce_conn->auth_state.auth_info->credentials.length + 
-						   creds2.length);
-		}
-
-		if (NT_STATUS_IS_OK(status)) {
-			memcpy(blob->data + blob->length - dce_conn->auth_state.auth_info->credentials.length,
-			       creds2.data, creds2.length);
+			blob->length -= dce_conn->auth_state.auth_info->credentials.length;
+			status = data_blob_append(call, blob, creds2.data, creds2.length);
 		}
 
 		/* If we did AEAD signing of the packet headers, then we hope
 		 * this value didn't change... */
 		dcerpc_set_auth_length(blob, creds2.length);
+		dcerpc_set_frag_length(blob, dcerpc_get_frag_length(blob)+creds2.length);
 		data_blob_free(&creds2);
 		break;
 
@@ -495,20 +490,14 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
 					    blob->length - dce_conn->auth_state.auth_info->credentials.length,
 					    &creds2);
 		if (NT_STATUS_IS_OK(status)) {
-			status = data_blob_realloc(call, blob,
-						   blob->length - dce_conn->auth_state.auth_info->credentials.length + 
-						   creds2.length);
-		}
-
-		if (NT_STATUS_IS_OK(status)) {
-			memcpy(blob->data + blob->length - dce_conn->auth_state.auth_info->credentials.length,
-			       creds2.data, creds2.length);
+			blob->length -= dce_conn->auth_state.auth_info->credentials.length;
+			status = data_blob_append(call, blob, creds2.data, creds2.length);
 		}
 
 		/* If we did AEAD signing of the packet headers, then we hope
 		 * this value didn't change... */
 		dcerpc_set_auth_length(blob, creds2.length);
-
+		dcerpc_set_frag_length(blob, dcerpc_get_frag_length(blob)+creds2.length);
 		data_blob_free(&creds2);
 		break;
author	Andrew Tridgell <tridge@samba.org>	2006-10-28 04:17:43 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 14:24:40 -0500
commit	bb435cbd0313ec0ec6889181223929578603d73d (patch)
tree	9391ad673efd745e208f96537688eccfa05ddb8e /source4/rpc_server
parent	b4a5794e0983d41beec38ddc8430e04833af5915 (diff)
download	samba-bb435cbd0313ec0ec6889181223929578603d73d.tar.gz samba-bb435cbd0313ec0ec6889181223929578603d73d.tar.bz2 samba-bb435cbd0313ec0ec6889181223929578603d73d.zip