The Samba-Bugzilla – Attachment 4658 Details for
Bug 6697
interdomain trusts broken with w2k8r2
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
fix schannel verifier validation for interdomain trusts with w2k8r2 dcs
w2k8r2.diff (text/plain), 1.60 KB, created by
Guenther Deschner
on 2009-09-08 05:02:47 UTC
(
hide
)
Description:
fix schannel verifier validation for interdomain trusts with w2k8r2 dcs
Filename:
MIME Type:
Creator:
Guenther Deschner
Created:
2009-09-08 05:02:47 UTC
Size:
1.60 KB
patch
obsolete
>From 993af2c41f78627cc69bebb91851e69fb47c81df Mon Sep 17 00:00:00 2001 >From: =?utf-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Tue, 8 Sep 2009 11:57:52 +0200 >Subject: [PATCH] s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs. > >The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a >W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56 >byte). We should just ignore the remaining 12 zeroed bytes and proceed. > >Guenther >--- > source3/include/rpc_dce.h | 2 +- > source3/rpc_client/cli_pipe.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h >index 3dfbc16..cd65ac8 100644 >--- a/source3/include/rpc_dce.h >+++ b/source3/include/rpc_dce.h >@@ -92,7 +92,7 @@ enum schannel_direction { > }; > > /* Maximum size of the signing data in a fragment. */ >-#define RPC_MAX_SIGN_SIZE 0x20 /* 32 */ >+#define RPC_MAX_SIGN_SIZE 0x38 /* 56 */ > > /* Maximum PDU fragment size. */ > /* #define MAX_PDU_FRAG_LEN 0x1630 this is what wnt sets */ >diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c >index 0f64719..5af2c95 100644 >--- a/source3/rpc_client/cli_pipe.c >+++ b/source3/rpc_client/cli_pipe.c >@@ -681,7 +681,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p > return NT_STATUS_OK; > } > >- if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) { >+ if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) { > DEBUG(0,("cli_pipe_verify_schannel: auth_len %u.\n", (unsigned int)auth_len )); > return NT_STATUS_INVALID_PARAMETER; > } >-- >1.6.2.5 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 6697
: 4658 |
4936
|
4937