summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/rpc_server/dcesrv_auth.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index ace5da992d..20ed496d32 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -281,6 +281,7 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
struct dcesrv_connection *dce_conn = call->conn;
NTSTATUS status;
struct ndr_push *ndr;
+ uint32_t payload_length;
/* non-signed packets are simple */
if (!dce_conn->auth_state.auth_info || !dce_conn->auth_state.gensec_security) {
@@ -306,6 +307,7 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
dce_conn->auth_state.auth_info->auth_pad_length = NDR_ALIGN(ndr, 8);
ndr_push_zero(ndr, dce_conn->auth_state.auth_info->auth_pad_length);
+ payload_length = ndr->offset - DCERPC_REQUEST_LENGTH;
dce_conn->auth_state.auth_info->credentials
= data_blob_talloc(call->mem_ctx, NULL,
@@ -332,7 +334,7 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
status = gensec_seal_packet(dce_conn->auth_state.gensec_security,
call->mem_ctx,
ndr->data + DCERPC_REQUEST_LENGTH,
- ndr->offset - DCERPC_REQUEST_LENGTH,
+ payload_length,
blob->data,
blob->length - dce_conn->auth_state.auth_info->credentials.length,
&dce_conn->auth_state.auth_info->credentials);
@@ -342,7 +344,7 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
status = gensec_sign_packet(dce_conn->auth_state.gensec_security,
call->mem_ctx,
ndr->data + DCERPC_REQUEST_LENGTH,
- ndr->offset - DCERPC_REQUEST_LENGTH,
+ payload_length,
blob->data,
blob->length - dce_conn->auth_state.auth_info->credentials.length,
&dce_conn->auth_state.auth_info->credentials);