From ca3bdca52e93ec492f06f18d8428e80bbad375be Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Wed, 14 Jul 2010 11:09:04 -0400
Subject: s3-dcerpc: Padding is never done on a DCERPC_PKT_BIND_ACK packet.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Empirically verified against Windows.
It never pads the auth credentials on this packet type.

Signed-off-by: Günther Deschner <gd@samba.org>
---
 source3/rpc_server/srv_pipe.c | 26 ++------------------------
 1 file changed, 2 insertions(+), 24 deletions(-)

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 6b85141367..12ec27bd04 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1146,7 +1146,6 @@ bool api_pipe_bind_req(pipes_struct *p, struct ncacn_packet *pkt)
 	struct dcerpc_ack_ctx bind_ack_ctx;
 	DATA_BLOB auth_resp = data_blob_null;
 	DATA_BLOB auth_blob = data_blob_null;
-	int pad_len = 0;
 
 	/* No rebinds on a bound pipe - use alter context. */
 	if (p->pipe_bound) {
@@ -1367,18 +1366,10 @@ bool api_pipe_bind_req(pipes_struct *p, struct ncacn_packet *pkt)
 
 	if (auth_resp.length) {
 
-		/* Work out any padding needed before the auth footer. */
-		pad_len = p->out_data.frag.length % SERVER_NDR_PADDING_SIZE;
-		if (pad_len) {
-			pad_len = SERVER_NDR_PADDING_SIZE - pad_len;
-			DEBUG(10, ("auth pad_len = %u\n",
-				   (unsigned int)pad_len));
-		}
-
 		status = dcerpc_push_dcerpc_auth(pkt,
 						 auth_type,
 						 auth_info.auth_level,
-						 pad_len,
+						 0,
 						 1, /* auth_context_id */
 						 &auth_resp,
 						 &auth_blob);
@@ -1391,22 +1382,9 @@ bool api_pipe_bind_req(pipes_struct *p, struct ncacn_packet *pkt)
 	/* Now that we have the auth len store it into the right place in
 	 * the dcerpc header */
 	dcerpc_set_frag_length(&p->out_data.frag,
-				p->out_data.frag.length +
-					pad_len +
-					auth_blob.length);
+				p->out_data.frag.length + auth_blob.length);
 
 	if (auth_blob.length) {
-		if (pad_len) {
-			char pad[SERVER_NDR_PADDING_SIZE];
-			memset(pad, '\0', SERVER_NDR_PADDING_SIZE);
-			if (!data_blob_append(p->mem_ctx, &p->out_data.frag,
-						pad, pad_len)) {
-				DEBUG(0, ("api_pipe_bind_req: failed to add "
-					  "%u bytes of pad data.\n",
-				  (unsigned int)pad_len));
-				goto err_exit;
-			}
-		}
 
 		if (!data_blob_append(p->mem_ctx, &p->out_data.frag,
 					auth_blob.data, auth_blob.length)) {
-- 
cgit