Bug 14356 - protocol error - Unclear debug message "pad length mismatch" for invalid bind packet
Summary: protocol error - Unclear debug message "pad length mismatch" for invalid bind...
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes (show other bugs)
Version: 4.12.1
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2020-04-23 23:06 UTC by Andrew Bartlett
Modified: 2022-08-24 19:58 UTC (History)
6 users (show)

See Also:

packet which Samba parses incorrectly, eventually giving 'bad pad length' (2.83 KB, text/plain)
2020-04-23 23:34 UTC, Andrew Bartlett
no flags Details
packet which Samba parses correctly (3.25 KB, text/plain)
2020-04-23 23:35 UTC, Andrew Bartlett
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2020-04-23 23:06:46 UTC
From the reporter:

> 1. You have a new Windows 10 client
> 2. The computer MUST NOT be in the computer list in the AC-DC
> 3. You join the Windows client to the domain and reboot
> 4. About when the login screen appears on the Windows client, the
> error message pops up.
> If the computer is already listed in the AD-DC, you can remove and
> rejoin the Windows Client as much as you want without the error.
> And if the computer object is new, it also only happens I would say 4
> out of 5 times.
> I was able to record the logs with your suggested loglevel and a
> corresponding tcpdump. I will send it to you separately, maybe it
> helps.
> Since everything else is working fine (join, login etc) this is
> definitely not a critical issue IMHO.
Comment 1 Andrew Bartlett 2020-04-23 23:34:33 UTC
Created attachment 15939 [details]
packet which Samba parses incorrectly, eventually giving 'bad pad length'
Comment 2 Andrew Bartlett 2020-04-23 23:35:34 UTC
Created attachment 15940 [details]
packet which Samba parses correctly

Both these dumps are cut off not to include the SPNEGO packet, as that may be sensitive, but it shows how we get the parse wrong.
Comment 3 Andrew Bartlett 2020-10-14 03:49:29 UTC
The unclear message is improved in Samba 4.13 with:

commit ae5cb7346bf6f7759c88d7df6a5c1bd7965ee284
Author: Andrew Bartlett <abartlet@samba.org>
Date:   Fri Apr 24 11:04:00 2020 +1200

    librpc: Provide clearer debug messages for malformed DCE/RPC bind
    REF: https://lists.samba.org/archive/samba/2020-April/229334.html
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Comment 4 Stefan Metzmacher 2020-11-09 11:13:58 UTC
This is not fixed
Comment 5 Stefan Metzmacher 2020-11-09 11:42:14 UTC
Windows seems to be lazy and just changes num_contexts from 3 to 2,
but leaves the space for the 3rd context in the pdu, but leaves
auth_pad_length = 0.

So we have to ignore any padding bytes without generating an protocol error.