Bug 14356 - protocol error - Unclear debug message "pad length mismatch" for invalid bind packet
Status: REOPENED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes
Version: 4.12.1
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Reported: 2020-04-23 23:06 UTC by Andrew Bartlett
Modified: 2022-08-24 19:58 UTC
Attachments
packet which Samba parses incorrectly, eventually giving 'bad pad length' (2.83 KB, text/plain)
2020-04-23 23:34 UTC, Andrew Bartlett
packet which Samba parses correctly (3.25 KB, text/plain)
2020-04-23 23:35 UTC, Andrew Bartlett
Description Andrew Bartlett 2020-04-23 23:06:46 UTC
From the reporter:
https://lists.samba.org/archive/samba/2020-April/229334.html

> 1. You have a new Windows 10 client
> 2. The computer MUST NOT be in the computer list in the AD-DC
> 3. You join the Windows client to the domain and reboot
> 4. About when the login screen appears on the Windows client, the
> error message pops up.
> 
> If the computer is already listed in the AD-DC, you can remove and
> rejoin the Windows Client as much as you want without the error.
> And if the computer object is new, it also only happens I would say 4
> out of 5 times.
> 
> I was able to record the logs with your suggested loglevel and a
> corresponding tcpdump. I will send it to you separately, maybe it
> helps.
> 
> Since everything else is working fine (join, login etc) this is
> definitely not a critical issue IMHO.
Comment 1 Andrew Bartlett 2020-04-23 23:34:33 UTC
Created attachment 15939
packet which Samba parses incorrectly, eventually giving 'bad pad length'
Comment 2 Andrew Bartlett 2020-04-23 23:35:34 UTC
Created attachment 15940
packet which Samba parses correctly

Both these dumps are cut off so as not to include the SPNEGO packet, as that may be sensitive, but they show how we get the parse wrong.
Comment 3 Andrew Bartlett 2020-10-14 03:49:29 UTC
The unclear message is improved in Samba 4.13 with:

commit ae5cb7346bf6f7759c88d7df6a5c1bd7965ee284
Author: Andrew Bartlett <abartlet@samba.org>
Date:   Fri Apr 24 11:04:00 2020 +1200

    librpc: Provide clearer debug messages for malformed DCE/RPC bind
    
    REF: https://lists.samba.org/archive/samba/2020-April/229334.html
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Comment 4 Stefan Metzmacher 2020-11-09 11:13:58 UTC
This is not fixed
Comment 5 Stefan Metzmacher 2020-11-09 11:42:14 UTC
Windows seems to be lazy and just changes num_contexts from 3 to 2,
but leaves the space for the 3rd context in the pdu, but leaves
auth_pad_length = 0.

So we have to ignore any padding bytes without generating a protocol error.
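
The layout described in Comment 5, as an added example that is not Samba's code and not part of the original bug report: it parses a bind PDU and measures the gap between the end of the declared context list and the auth trailer, tolerating a gap larger than auth_pad_length. The field layout follows the DCE/RPC connection-oriented PDU format; `slack_before_auth` and `build_bind` are hypothetical names, and the sample PDUs are constructed with zeroed syntax UUIDs and placeholder credentials.

```python
import struct

HDR = struct.Struct("<BBBB4sHHI")   # vers, minor, ptype, flags, drep, frag_length, auth_length, call_id
BIND = struct.Struct("<HHIBBH")     # max_xmit, max_recv, assoc_group, num_contexts, reserved, reserved2
TRAILER = struct.Struct("<BBBBI")   # auth_type, auth_level, auth_pad_length, reserved, context_id

def slack_before_auth(pdu):
    """Return (num_contexts, auth_pad_length, gap) for a little-endian bind PDU.
    gap = bytes between the end of the declared contexts and the auth trailer."""
    _, _, ptype, _, drep, frag_length, auth_length, _ = HDR.unpack_from(pdu, 0)
    if ptype != 11 or drep[0] != 0x10:
        raise ValueError("not a little-endian bind PDU")
    if frag_length != len(pdu) or auth_length == 0:
        raise ValueError("bad frag_length or no auth trailer")
    off = HDR.size + BIND.size
    trailer_off = frag_length - auth_length - TRAILER.size
    if trailer_off < off:
        raise ValueError("auth trailer overlaps bind header")
    num_contexts = BIND.unpack_from(pdu, HDR.size)[3]
    for _ in range(num_contexts):
        if off + 4 > trailer_off:
            raise ValueError("context list runs into auth trailer")
        n_transfer = pdu[off + 2]            # after the 2-byte context id
        off += 4 + 20 * (1 + n_transfer)     # abstract syntax + transfer syntaxes
        if off > trailer_off:
            raise ValueError("context list runs into auth trailer")
    auth_pad_length = TRAILER.unpack_from(pdu, trailer_off)[2]
    gap = trailer_off - off
    if auth_pad_length > gap:                # claimed padding does not fit: reject
        raise ValueError("auth_pad_length larger than available gap")
    return num_contexts, auth_pad_length, gap   # gap > pad is skipped, not an error

def build_bind(num_contexts, slots, auth_pad_length=0):
    """Constructed sample: room for `slots` contexts, `num_contexts` declared."""
    ctx = [struct.pack("<HBB", i, 1, 0) + bytes(40) for i in range(slots)]
    body = BIND.pack(4280, 4280, 0, num_contexts, 0, 0) + b"".join(ctx)
    auth = TRAILER.pack(9, 6, auth_pad_length, 0, 0) + bytes(16)  # placeholder credentials
    frag_length = HDR.size + len(body) + len(auth)
    return HDR.pack(5, 0, 11, 0x03, b"\x10\x00\x00\x00", frag_length, 16, 1) + body + auth

if __name__ == "__main__":
    print(slack_before_auth(build_bind(3, 3)))   # contexts fill the body exactly
    print(slack_before_auth(build_bind(2, 3)))   # the case from Comment 5
```

A parser that insists on gap == auth_pad_length rejects the second PDU; the bounds checks above are what remain necessary once that equality is relaxed.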