diff options
Diffstat (limited to 'source3/rpc_server/srv_pipe.c')
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 09b1f66440..f3ee18da5a 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -2113,7 +2113,11 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss auth_len = p->hdr.auth_len; - if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) { + if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN || + auth_len > RPC_HEADER_LEN + + RPC_HDR_REQ_LEN + + RPC_HDR_AUTH_LEN + + auth_len) { DEBUG(0,("Incorrect auth_len %u.\n", (unsigned int)auth_len )); return False; } |