The Samba-Bugzilla – Attachment 12201 Details for
Bug 11948
Total dcerpc response payload more than 0x400000
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch from metze for master
bug-11948-master.patch (text/plain), 5.89 KB, created by
Andrew Bartlett
on 2016-06-22 22:40:09 UTC
(
hide
)
Description:
Patch from metze for master
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2016-06-22 22:40:09 UTC
Size:
5.89 KB
patch
obsolete
>From 98be260b376e08462d4d0dccb58212ee783a63cb Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 22 Jun 2016 16:58:03 +0200 >Subject: [PATCH 1/3] dcerpc.idl: add > DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE > >This will replace DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte), >this limit is too strict for some workloads, e.g. DRSUAPI replication >with large objects. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > librpc/idl/dcerpc.idl | 17 +++++++++++++++++ > 1 file changed, 17 insertions(+) > >diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl >index 015eb3d..5e0f919 100644 >--- a/librpc/idl/dcerpc.idl >+++ b/librpc/idl/dcerpc.idl >@@ -537,6 +537,23 @@ interface dcerpc > const uint8 DCERPC_NCACN_PAYLOAD_OFFSET = 16; > const uint32 DCERPC_NCACN_PAYLOAD_MAX_SIZE = 0x400000; /* 4 MByte */ > >+ /* >+ * See [MS-RPCE] 3.3.3.5.4 Maximum Server Input Data Size >+ * 4 MByte is the default limit of reassembled request payload >+ */ >+ const uint32 DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE = 0x400000; >+ >+ /* >+ * See [MS-RPCE] 3.3.2.5.2 Handling Responses >+ * >+ * Indicates that Windows accepts up to 0x7FFFFFFF ~2 GByte >+ * >+ * talloc has a limit of 256 MByte, so we need to use something smaller. >+ * >+ * For now we try our luck with 240 MByte. >+ */ >+ const uint32 DCERPC_NCACN_RESPONSE_DEFAULT_MAX_SIZE = 0xf000000; /* 240 MByte */ >+ > /* little-endian flag */ > const uint8 DCERPC_DREP_LE = 0x10; > >-- >1.9.1 > > >From 0180642abb1b8cd0bc03078b69ccd11ae0919802 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 22 Jun 2016 17:18:28 +0200 >Subject: [PATCH 2/3] s4:librpc/rpc: allow a total reassembled response payload > of 240 MBytes > >This will replace DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte), >The limit of DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte) was too >strict for some workloads, e.g. DRSUAPI replication with large objects. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > source4/librpc/rpc/dcerpc.c | 5 +++-- > source4/librpc/rpc/dcerpc.h | 3 +++ > 2 files changed, 6 insertions(+), 2 deletions(-) > >diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c >index 464ae95..55b4385 100644 >--- a/source4/librpc/rpc/dcerpc.c >+++ b/source4/librpc/rpc/dcerpc.c >@@ -155,6 +155,7 @@ static struct dcecli_connection *dcerpc_connection_init(TALLOC_CTX *mem_ctx, > */ > c->srv_max_xmit_frag = 5840; > c->srv_max_recv_frag = 5840; >+ c->max_total_response_size = DCERPC_NCACN_RESPONSE_DEFAULT_MAX_SIZE; > c->pending = NULL; > > c->io_trigger = tevent_create_immediate(c); >@@ -1577,10 +1578,10 @@ static void dcerpc_request_recv_data(struct dcecli_connection *c, > > length = pkt->u.response.stub_and_verifier.length; > >- if (req->payload.length + length > DCERPC_NCACN_PAYLOAD_MAX_SIZE) { >+ if (req->payload.length + length > c->max_total_response_size) { > DEBUG(2,("Unexpected total payload 0x%X > 0x%X dcerpc response\n", > (unsigned)req->payload.length + length, >- DCERPC_NCACN_PAYLOAD_MAX_SIZE)); >+ (unsigned)c->max_total_response_size)); > dcerpc_connection_dead(c, NT_STATUS_RPC_PROTOCOL_ERROR); > return; > } >diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h >index 39d28a6..24c7948 100644 >--- a/source4/librpc/rpc/dcerpc.h >+++ b/source4/librpc/rpc/dcerpc.h >@@ -107,6 +107,9 @@ struct dcecli_connection { > > /* the next context_id to be assigned */ > uint32_t next_context_id; >+ >+ /* The maximum total payload of reassembled response pdus */ >+ size_t max_total_response_size; > }; > > /* >-- >1.9.1 > > >From 87930f2b89c1c3c19c1a6fc4e0157f832741d630 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 22 Jun 2016 17:18:28 +0200 >Subject: [PATCH 3/3] s4:rpc_server: use a variable for the max total > reassembled request payload > >We still use the same limit of 4 MByte (DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE) >by default. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > source4/rpc_server/dcerpc_server.c | 5 +++-- > source4/rpc_server/dcerpc_server.h | 3 +++ > 2 files changed, 6 insertions(+), 2 deletions(-) > >diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c >index 36b3fd2..025cb20 100644 >--- a/source4/rpc_server/dcerpc_server.c >+++ b/source4/rpc_server/dcerpc_server.c >@@ -408,6 +408,7 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx, > p->allow_bind = true; > p->max_recv_frag = 5840; > p->max_xmit_frag = 5840; >+ p->max_total_request_size = DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE; > > *_p = p; > return NT_STATUS_OK; >@@ -1532,7 +1533,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > /* > * Up to 4 MByte are allowed by all fragments > */ >- available = DCERPC_NCACN_PAYLOAD_MAX_SIZE; >+ available = dce_conn->max_total_request_size; > if (er->stub_and_verifier.length > available) { > dcesrv_call_disconnect_after(existing, > "dcesrv_auth_request - existing payload too large"); >@@ -1585,7 +1586,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > /* > * Up to 4 MByte are allowed by all fragments > */ >- if (call->pkt.u.request.alloc_hint > DCERPC_NCACN_PAYLOAD_MAX_SIZE) { >+ if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) { > dcesrv_call_disconnect_after(call, > "dcesrv_auth_request - initial alloc hint too large"); > return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED); >diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h >index aead405e..54187ee 100644 >--- a/source4/rpc_server/dcerpc_server.h >+++ b/source4/rpc_server/dcerpc_server.h >@@ -278,6 +278,9 @@ struct dcesrv_connection { > > /* the association group the connection belongs to */ > struct dcesrv_assoc_group *assoc_group; >+ >+ /* The maximum total payload of reassembled request pdus */ >+ size_t max_total_request_size; > }; > > >-- >1.9.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=12201">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
abartlet
:
review+
Actions:
View
Attachments on
bug 11948
: 12201 |
12208
|
12210
|
12212