From c43c53b886ec62b249ffebcd4e6656042e4753bc Mon Sep 17 00:00:00 2001
From: Luke Leighton
Date: Fri, 2 Oct 1998 18:14:38 +0000
Subject: microsoft is slowly fixing some buffer overflow errors in dce/rpc code (SP4). therefore, they are being more strict, first in the server-side code, and now in the client-side code. this fixes a bind-request that was too short by 16 bytes, and an rpc-request that was too long by 24 bytes. (This used to be commit a69ed7846a1e1403ea51d76d6962b97e8c768b29)
---
 source3/rpc_client/cli_pipe.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'source3/rpc_client')
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 1689ae0e69..b178f38a58 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -324,7 +324,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
 /* create the request RPC_HDR */
 make_rpc_hdr(&hdr, RPC_BIND, 0x0, get_rpc_call_id(),
- rhdr_rb->offset, auth_req != NULL ? auth_req->offset : 0);
+ rhdr_rb->offset + 0x10, auth_req != NULL ? auth_req->offset : 0);
 smb_io_rpc_hdr("hdr" , &hdr , rhdr, 0);
 mem_realloc_data(rhdr->data, rhdr->offset);
@@ -380,7 +380,7 @@ static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len)
 /* create the rpc header RPC_HDR */
 make_rpc_hdr(&hdr , RPC_REQUEST, RPC_FLG_FIRST | RPC_FLG_LAST,
- get_rpc_call_id(), data_len + 0x18, 0);
+ get_rpc_call_id(), data_len, 0);
 /* create the rpc request RPC_HDR_REQ */
 make_rpc_hdr_req(&hdr_req, data_len, op_num);
-- cgit
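Review bot: The `+ 0x10` added to `rhdr_rb->offset` in the `make_rpc_hdr()` call of `create_rpc_bind_req` is a bare magic number, and nothing in the hunk says which 16 bytes it accounts for (presumably the fixed header that precedes the bind body). The length placed in the header is what a strict peer compares against the bytes it actually receives, so a hand-maintained offset can drift again the next time a structure changes. I would name the constant and say what it covers, e.g. `rhdr_rb->offset + RPC_HDR_LEN_PLACEHOLDER, /* bind body plus the header in front of it */`, where `RPC_HDR_LEN_PLACEHOLDER` stands for whatever name the project defines, or derive the value from the marshalled buffer instead. Whether the `auth_req` bytes are also meant to be counted in this length is not visible here; the function body starts and ends outside the hunk.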
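Review bot: `data_len` in `create_rpc_request` is a signed `int` that now goes unmodified into both `make_rpc_hdr()` and `make_rpc_hdr_req()`, with no check that it is non-negative or small enough for the header's length field. With `+ 0x18` gone, the caller has to pass a value that already covers whatever the header length is supposed to include, and that contract is not written down anywhere in the hunk. I would add a guard such as `if (data_len < 0) return False;` before the call and a comment on the parameter, e.g. `/* data_len: length advertised in RPC_HDR; must equal the bytes actually sent */`, adjusted to the intended meaning. The function body starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.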