From 209a65bc6f783055f3f6a8cea3fb36587d346511 Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Wed, 21 Oct 2009 02:17:32 +0200
Subject: s3-lsa: Fix _lsa_EnumTrustDom() and avoid infite windows client loop.

Found by RPC-LSA-TRUSTED-DOMAIN torture test.

Guenther
---
 source3/rpc_server/srv_lsa_nt.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 23ea045b88..a9a4fa5b25 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -477,6 +477,15 @@ NTSTATUS _lsa_EnumTrustDom(pipes_struct *p,
 		return STATUS_MORE_ENTRIES;
 	}
+	/* according to MS-LSAD 3.1.4.7.8 output resume handle MUST
+	 * always be larger than the previous input resume handle, in
+	 * particular when hitting the last query it is vital to set the
+	 * resume handle correctly to avoid infinite client loops, as
+	 * seen e.g. with Windows XP SP3 when resume handle is 0 and
+	 * status is NT_STATUS_OK - gd */
+
+	*r->out.resume_handle = (uint32_t)-1;
+
 	return NT_STATUS_OK;
 }
--
cgit
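Review bot: The sentinel in `*r->out.resume_handle = (uint32_t)-1;` is a point of style: `UINT32_MAX` names the intent ("past every possible index") that the cast spelling leaves implicit, and since the line already relies on `uint32_t` the constant should be in scope with no new include. A conforming client will hand that value back as the input handle on its next call, so the code earlier in `_lsa_EnumTrustDom` that derives the enumeration start from the input handle — outside this hunk — should be confirmed to classify any handle at or beyond the trusted-domain count as "no more entries" before doing arithmetic on it, because adding a count to 0xFFFFFFFF wraps. The `STATUS_MORE_ENTRIES` return just above is the other exit from this function; the hunk does not show whether that branch advances the handle, which the cited MS-LSAD requirement applies to as well. The enclosing function begins before the hunk; its closing brace is the last line shown.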