From c5ac20f1ce05e6762300e843907d94fcf7ae1344 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 21 Feb 2018 00:50:26 +0100
Subject: [PATCH 1/2] tests:dcerpc/raw_protocol: reproduce call_id truncation bug

We need to make sure the server handles call_id values > UINT16_MAX.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
(cherry picked from commit 65e8edb382fbc7450919aad8b42cfcae9e779d11)
---
 python/samba/tests/dcerpc/raw_protocol.py | 2 +-
 selftest/knownfail.d/dcerpc_raw_protocol | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 selftest/knownfail.d/dcerpc_raw_protocol
diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py
index 587df54..ff815e9 100755
--- a/python/samba/tests/dcerpc/raw_protocol.py
+++ b/python/samba/tests/dcerpc/raw_protocol.py
@@ -1974,7 +1974,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
 # And now try a request without auth_info
 # netr_ServerReqChallenge()
- req = self.generate_request(call_id = 2,
+ req = self.generate_request(call_id = 0x21234,
 pfc_flags=pfc_flags,
 context_id=ctx.context_id,
 opnum=4,
diff --git a/selftest/knownfail.d/dcerpc_raw_protocol b/selftest/knownfail.d/dcerpc_raw_protocol
new file mode 100644
index 0000000..c7cb666
--- /dev/null
+++ b/selftest/knownfail.d/dcerpc_raw_protocol
@@ -0,0 +1,4 @@
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_fragmented_requests01
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_fragmented_requests02
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_fragmented_requests03
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_fragmented_requests05
-- 
1.9.1
From 66b86266d736ba3f7a22b0bdfab021addd80630a Mon Sep 17 00:00:00 2001
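Review bot: The new literal `call_id = 0x21234` in the raw_protocol.py hunk of patch 1/2 has no comment saying why it was chosen, so a later cleanup could change it back to a small value and silently drop the regression coverage. I would add a line above the call such as `# call_id > UINT16_MAX: truncated to 16 bits this becomes 0x1234, so a server that narrows it cannot match the fragment (bug 13289)`. Only this one request uses a wide call_id; boundary values such as `0x10000` and `0xFFFFFFFF` would pin the 32-bit contract more tightly. The enclosing test method starts and ends outside the hunk, so which call_id the other fragments use cannot be checked from here.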
From: Stefan Metzmacher
Date: Wed, 21 Feb 2018 00:49:55 +0100
Subject: [PATCH 2/2] s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
Autobuild-User(master): Ralph Böhme
Autobuild-Date(master): Wed Feb 21 19:02:56 CET 2018 on sn-devel-144
(cherry picked from commit 5d113f80944f2e1d2a7e80f73aea7a4cfdfbd140)
---
 selftest/knownfail.d/dcerpc_raw_protocol | 4 ----
 source4/rpc_server/dcerpc_server.c | 2 +-
 2 files changed, 1 insertion(+), 5 deletions(-)
 delete mode 100644 selftest/knownfail.d/dcerpc_raw_protocol
diff --git a/selftest/knownfail.d/dcerpc_raw_protocol b/selftest/knownfail.d/dcerpc_raw_protocol
deleted file mode 100644
index c7cb666..0000000
--- a/selftest/knownfail.d/dcerpc_raw_protocol
+++ /dev/null
@@ -1,4 +0,0 @@
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_fragmented_requests01
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_fragmented_requests02
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_fragmented_requests03
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_fragmented_requests05
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 6a985c5..262eb70 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -239,7 +239,7 @@ const struct dcesrv_interface *find_interface_by_uuid(const struct dcesrv_endpoi
 /*
  find the earlier parts of a fragmented call awaiting reassembily
 */
-static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_connection *dce_conn, uint16_t call_id)
+static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_connection *dce_conn, uint32_t call_id)
 {
 struct dcesrv_call_state *c;
 for (c=dce_conn->incoming_fragmented_call_list;c;c=c->next) {
-- 
1.9.1
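Review bot: The comment above dcesrv_find_fragmented_call() still does not record that `call_id` must keep its full width, and C narrows an integer argument silently, which is presumably how the `uint16_t` parameter went unnoticed. I would extend that comment with a line such as `call_id is the full 32-bit value from the DCERPC header and must not be narrowed`, since the value is supplied by the client. No callers are visible in this hunk, so it is worth checking that no other helper in dcerpc_server.c takes a call_id through a 16-bit type. Building the file with a conversion warning such as `-Wconversion` would flag this class of truncation at compile time. The function body continues past the hunk's last line, so the comparison against the stored call_id cannot be reviewed here.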