From 712e972f1e27e211330022e8c61271d6b27b9a18 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 22 Apr 2016 16:18:24 +0200 Subject: [PATCH 1/2] s4:gensec_tstream: allow wrapped messages up to a size of 0xfffffff BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872 Signed-off-by: Stefan Metzmacher --- source4/auth/gensec/gensec_tstream.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/source4/auth/gensec/gensec_tstream.c b/source4/auth/gensec/gensec_tstream.c index 92f4fa6..c828170 100644 --- a/source4/auth/gensec/gensec_tstream.c +++ b/source4/auth/gensec/gensec_tstream.c @@ -253,7 +253,11 @@ static int tstream_gensec_readv_next_vector(struct tstream_context *unix_stream, msg_len = RIVAL(state->wrapped.hdr, 0); - if (msg_len > 0x00FFFFFF) { + /* + * I got a Windows 2012R2 server responding with + * a message of 0x1b28a33. + */ + if (msg_len > 0x0FFFFFFF) { errno = EMSGSIZE; return -1; } -- 1.9.1 From 86bdc5f66bf1777212f6546930f14c7287436d35 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 22 Apr 2016 16:31:55 +0200 Subject: [PATCH 2/2] s3:libads/sasl: allow wrapped messages up to a size of 0xfffffff BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872 Signed-off-by: Stefan Metzmacher --- source3/libads/sasl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index b8d4527..10f63e8 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -328,7 +328,7 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads, * arcfour-hmac-md5. */ ads->ldap.in.min_wrapped = MIN(ads->ldap.out.sig_size, 0x2C); - ads->ldap.in.max_wrapped = max_wrapped; + ads->ldap.in.max_wrapped = ADS_SASL_WRAPPING_IN_MAX_WRAPPED; status = ads_setup_sasl_wrapping(ads, &ads_sasl_gensec_ops, auth_generic_state->gensec_security); if (!ADS_ERR_OK(status)) { DEBUG(0, ("ads_setup_sasl_wrapping() failed: %s\n", @@ -986,7 +986,7 @@ static ADS_STATUS ads_sasl_gssapi_do_bind(ADS_STRUCT *ads, const gss_name_t serv ads->ldap.out.sig_size = max_msg_size - ads->ldap.out.max_unwrapped; ads->ldap.in.min_wrapped = 0x2C; /* taken from a capture with LDAP unbind */ - ads->ldap.in.max_wrapped = max_msg_size; + ads->ldap.in.max_wrapped = ADS_SASL_WRAPPING_IN_MAX_WRAPPED; status = ads_setup_sasl_wrapping(ads, &ads_sasl_gssapi_ops, context_handle); if (!ADS_ERR_OK(status)) { DEBUG(0, ("ads_setup_sasl_wrapping() failed: %s\n", -- 1.9.1