From 9669642f493126c29d970c1a2d31a22e932d638b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 20 Mar 2015 14:32:00 +1300 Subject: [PATCH] backupkey: Use ndr_pull_struct_blob_all() This avoids bad decrypts from falling down to later code and getting the error code wrong, by strictly requiring the NDR parse to use all the data. A bad decyrpt is very unlikely to get the length correct, and so fall down to the other checks. This should fix: UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_decrypt_wrong_r2(ad_dc_ntvfs) REASON: Exception: Exception: ../source4/torture/rpc/backupkey.c:1926: r.out.result was WERR_INVALID_ACCESS, expected WERR_INVALID_PARAM: decrypt should fail with WERR_INVALID_PARAM BUG: https://bugzilla.samba.org/show_bug.cgi?id=11174 Signed-off-by: Andrew Bartlett --- source4/rpc_server/backupkey/dcesrv_backupkey.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c index 749e48b..b3b7074 100644 --- a/source4/rpc_server/backupkey/dcesrv_backupkey.c +++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c @@ -1496,8 +1496,8 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call, return WERR_INVALID_PARAM; } - ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &decrypt_request, - (ndr_pull_flags_fn_t)ndr_pull_bkrp_server_side_wrapped); + ndr_err = ndr_pull_struct_blob_all(&blob, mem_ctx, &decrypt_request, + (ndr_pull_flags_fn_t)ndr_pull_bkrp_server_side_wrapped); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return WERR_INVALID_PARAM; } @@ -1534,8 +1534,8 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call, arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob); - ndr_err = ndr_pull_struct_blob(&encrypted_blob, mem_ctx, &rc4payload, - (ndr_pull_flags_fn_t)ndr_pull_bkrp_rc4encryptedpayload); + ndr_err = ndr_pull_struct_blob_all(&encrypted_blob, mem_ctx, &rc4payload, + (ndr_pull_flags_fn_t)ndr_pull_bkrp_rc4encryptedpayload); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return WERR_INVALID_PARAM; } -- 2.1.4