From 4b6cfbb6d27eea07400d0eacb08b2f69724b19ca Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Wed, 21 Oct 2009 02:18:54 +0200
Subject: s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infite windows client loop.

Found by RPC-LSA-TRUSTED-DOMAIN torture test.

Guenther
---
 source4/rpc_server/lsa/dcesrv_lsa.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 0e6a55ec2f..e35f2d8bf6 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1660,6 +1660,15 @@ static NTSTATUS dcesrv_lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALL
 		return STATUS_MORE_ENTRIES;
 	}
 
+	/* according to MS-LSAD 3.1.4.7.8 output resume handle MUST
+	 * always be larger than the previous input resume handle, in
+	 * particular when hitting the last query it is vital to set the
+	 * resume handle correctly to avoid infinite client loops, as
+	 * seen e.g. with Windows XP SP3 when resume handle is 0 and
+	 * status is NT_STATUS_OK - gd */
+
+	*r->out.resume_handle = (uint32_t)-1;
+
 	return NT_STATUS_OK;
 }
 
-- 
cgit
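Review bot: The final-page sentinel is written as the bare cast `(uint32_t)-1`, which reads as a magic number and hides that 0xFFFFFFFF is now a reserved in-band value of the resume handle; prefer `*r->out.resume_handle = UINT32_MAX;` with a comment such as `/* UINT32_MAX is reserved: no further pages exist */` so the value can be matched elsewhere without re-deriving it. Because the client echoes this value back on its next call, the input resume handle is attacker-controlled and must never be used to index the trusted-domain array without first comparing it, as an unsigned value, against the entry count; that comparison sits before this hunk (the body of dcesrv_lsa_EnumTrustDom starts outside it), so confirm it returns cleanly for an input of UINT32_MAX rather than computing an out-of-range offset. The STATUS_MORE_ENTRIES branch on the context line presumably sets its own resume handle; it would be worth checking that its value is also strictly greater than the input, since the same MS-LSAD requirement applies to every page, not only the last one.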