The Samba-Bugzilla – Attachment 5389 Details for
Bug 7146
Samba miss-parses authenticated RPC packets.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Second git-am fix for 3.5.x.
0001-More-fixes-for-bug-7146-Samba-miss-parses-authentica.patch (text/plain), 2.88 KB, created by
Jeremy Allison
on 2010-02-18 17:07:07 UTC
(
hide
)
Description:
Second git-am fix for 3.5.x.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2010-02-18 17:07:07 UTC
Size:
2.88 KB
patch
obsolete
>From dbf6b64c77098331dae7c3600a12198770ed763c Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 18 Feb 2010 15:03:30 -0800 >Subject: [PATCH] More fixes for bug #7146 - Samba miss-parses authenticated RPC packets. > >Ensure we calculate the space correctly (including the ss_padding_len) >when constructing reply packets. > >Jeremy. >(cherry picked from commit 11a87cd31eedaf4e43864bf51ac1f53bca53e327) >--- > source3/rpc_server/srv_pipe.c | 30 ++++++++++++++++-------------- > 1 files changed, 16 insertions(+), 14 deletions(-) > >diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c >index bc0ad87..ab666fd 100644 >--- a/source3/rpc_server/srv_pipe.c >+++ b/source3/rpc_server/srv_pipe.c >@@ -107,8 +107,15 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) > return False; > } > >- data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN >- - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - NTLMSSP_SIG_SIZE; >+ if (data_len_left % SERVER_NDR_PADDING_SIZE) { >+ ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE); >+ DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of %u\n", >+ ss_padding_len )); >+ } >+ >+ data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN - >+ RPC_HDR_RESP_LEN - ss_padding_len - RPC_HDR_AUTH_LEN - >+ NTLMSSP_SIG_SIZE; > > /* > * The amount we send is the minimum of the available >@@ -132,12 +139,6 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) > p->hdr.flags |= DCERPC_PFC_FLAG_LAST; > } > >- if (data_len_left % SERVER_NDR_PADDING_SIZE) { >- ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE); >- DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of %u\n", >- ss_padding_len )); >- } >- > /* > * Set up the header lengths. > */ >@@ -327,8 +328,14 @@ static bool create_next_pdu_schannel(pipes_struct *p) > return False; > } > >+ if (data_len_left % SERVER_NDR_PADDING_SIZE) { >+ ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE); >+ DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding of %u\n", >+ ss_padding_len )); >+ } >+ > data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN >- - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN >+ - RPC_HDR_RESP_LEN - ss_padding_len - RPC_HDR_AUTH_LEN > - RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN; > > /* >@@ -352,11 +359,6 @@ static bool create_next_pdu_schannel(pipes_struct *p) > if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) { > p->hdr.flags |= DCERPC_PFC_FLAG_LAST; > } >- if (data_len_left % SERVER_NDR_PADDING_SIZE) { >- ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE); >- DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding of %u\n", >- ss_padding_len )); >- } > > p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len + ss_padding_len + > RPC_HDR_AUTH_LEN + RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN; >-- >1.6.6.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 7146
:
5372
|
5389
|
5390