CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index fd81bf35eaba3ea3e0cc88c064714075c3ef5e77..15b8f6ed4c3e57a49c095d9776c88c75f5680b4b 100644 (file)
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -401,6 +401,19 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
         */
        *rdata = *pdu;
 
+       if ((pkt->ptype == DCERPC_PKT_BIND_ACK) &&
+           !(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) {
+               /*
+                * TODO: do we still need this hack which was introduced
+                * in commit a42afcdcc7ab9aa9ed193ae36d3dbb10843447f0.
+                *
+                * I don't even know what AS/U might be...
+                */
+               DEBUG(5, (__location__ ": bug in server (AS/U?), setting "
+                         "fragment first/last ON.\n"));
+               pkt->pfc_flags |= DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
+       }
+
        /* Ensure we have the correct type. */
        switch (pkt->ptype) {
        case DCERPC_PKT_ALTER_RESP:
@@ -505,17 +518,6 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
                return NT_STATUS_RPC_PROTOCOL_ERROR;
        }
 
-       /* Do this just before return - we don't want to modify any rpc header
-          data before now as we may have needed to do cryptographic actions on
-          it before. */
-
-       if ((pkt->ptype == DCERPC_PKT_BIND_ACK) &&
-           !(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) {
-               DEBUG(5, (__location__ ": bug in server (AS/U?), setting "
-                         "fragment first/last ON.\n"));
-               pkt->pfc_flags |= DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
-       }
-
        return NT_STATUS_OK;
 }