]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
librpc: Provide clearer debug messages for malformed DCE/RPC bind
authorAndrew Bartlett <abartlet@samba.org>
Thu, 23 Apr 2020 23:04:00 +0000 (11:04 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 29 Apr 2020 06:29:31 +0000 (06:29 +0000)
REF: https://lists.samba.org/archive/samba/2020-April/229334.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
librpc/rpc/dcerpc_util.c

index f7596cb1ac11fb8db59e124da3f22297b886551c..cf6cb942b1c84d4d1912cdc193100ff9016e8dbe 100644 (file)
@@ -357,20 +357,41 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
        }
 
        if (data_and_pad < auth->auth_pad_length) {
-               DEBUG(1, (__location__ ": ERROR: pad length mismatch. "
-                         "Calculated %u  got %u\n",
-                         (unsigned)data_and_pad,
-                         (unsigned)auth->auth_pad_length));
+               DBG_WARNING(__location__ ": ERROR: pad length too long. "
+                           "Calculated %u (pkt_trailer->length=%u - auth_length=%u) "
+                           "was less than auth_pad_length=%u\n",
+                           (unsigned)data_and_pad,
+                           (unsigned)pkt_trailer->length,
+                           (unsigned)auth_length,
+                           (unsigned)auth->auth_pad_length);
+               talloc_free(ndr);
+               ZERO_STRUCTP(auth);
+               return NT_STATUS_RPC_PROTOCOL_ERROR;
+       }
+
+       if (auth_data_only && data_and_pad > auth->auth_pad_length) {
+               DBG_WARNING(__location__ ": ERROR: auth_data_only pad length mismatch. "
+                           "Client sent a longer BIND packet than expected by %u bytes "
+                           "(pkt_trailer->length=%u - auth_length=%u) "
+                           "= %u auth_pad_length=%u\n",
+                           (unsigned)data_and_pad - (unsigned)auth->auth_pad_length,
+                           (unsigned)pkt_trailer->length,
+                           (unsigned)auth_length,
+                           (unsigned)data_and_pad,
+                           (unsigned)auth->auth_pad_length);
                talloc_free(ndr);
                ZERO_STRUCTP(auth);
                return NT_STATUS_RPC_PROTOCOL_ERROR;
        }
 
        if (auth_data_only && data_and_pad != auth->auth_pad_length) {
-               DEBUG(1, (__location__ ": ERROR: pad length mismatch. "
-                         "Calculated %u  got %u\n",
-                         (unsigned)data_and_pad,
-                         (unsigned)auth->auth_pad_length));
+               DBG_WARNING(__location__ ": ERROR: auth_data_only pad length mismatch. "
+                           "Calculated %u (pkt_trailer->length=%u - auth_length=%u) "
+                           "but auth_pad_length=%u\n",
+                           (unsigned)data_and_pad,
+                           (unsigned)pkt_trailer->length,
+                           (unsigned)auth_length,
+                           (unsigned)auth->auth_pad_length);
                talloc_free(ndr);
                ZERO_STRUCTP(auth);
                return NT_STATUS_RPC_PROTOCOL_ERROR;