kdc: Pad UPN_DNS_INFO PAC buffer

author Joseph Sutton <josephsutton@catalyst.net.nz>

Fri, 10 Dec 2021 01:59:22 +0000 (14:59 +1300)

committer Andrew Bartlett <abartlet@samba.org>

Wed, 15 Dec 2021 03:41:32 +0000 (03:41 +0000)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Fri, 10 Dec 2021 01:59:22 +0000 (14:59 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Wed, 15 Dec 2021 03:41:32 +0000 (03:41 +0000)
diff --git a/lib/util/data_blob.c b/lib/util/data_blob.c

index e528eb093a0c33b15ee768489c7ed081a9416e79..77b077f7ef9bb0801fe22fcd2e339f83bf43158b 100644 (file)
--- a/lib/util/data_blob.c
+++ b/lib/util/data_blob.c
@@ -245,3 +245,24 @@ _PUBLIC_ bool data_blob_append(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
         return true;
  }
  
+/**
+  pad the length of a data blob to a multiple of
+  'pad'. 'pad' must be a power of two.
+**/
+_PUBLIC_ bool data_blob_pad(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
+                           size_t pad)
+{
+       size_t old_len = blob->length;
+       size_t new_len = (old_len + pad - 1) & ~(pad - 1);
+
+       if (new_len < old_len) {
+               return false;
+       }
+
+       if (!data_blob_realloc(mem_ctx, blob, new_len)) {
+               return false;
+       }
+
+       memset(blob->data + old_len, 0, new_len - old_len);
+       return true;
+}
diff --git a/lib/util/data_blob.h b/lib/util/data_blob.h

index 799e9531cbde0572a8c416b055bc5cb2a4b5eb25..7a0dc3b0014989ce785fec870d88499e2822969a 100644 (file)
--- a/lib/util/data_blob.h
+++ b/lib/util/data_blob.h
@@ -126,6 +126,13 @@ _PUBLIC_ bool data_blob_realloc(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, size_t len
  _PUBLIC_ bool data_blob_append(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
                                    const void *p, size_t length);
  
+/**
+  pad the length of a data blob to a multiple of
+  'pad'. 'pad' must be a power of two.
+**/
+_PUBLIC_ bool data_blob_pad(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
+                           size_t pad);
+
  extern const DATA_BLOB data_blob_null;
  
  #endif /* _SAMBA_DATABLOB_H_ */
diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc

index 62194b66f3a2e6f0d60414786ce5b8e87f6cc3c2..a8810abcf8f67a80aebab648fa84511af15ff8a0 100644 (file)
--- a/selftest/knownfail_heimdal_kdc
+++ b/selftest/knownfail_heimdal_kdc
@@ -98,17 +98,3 @@
  ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_service_ticket
  ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_sid_mismatch_existing
  ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_sid_mismatch_nonexisting
-#
-# PAC alignment tests
-#
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_7_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_8_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_9_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_11_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_12_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_13_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_15_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_16_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_17_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_19_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_20_chars
diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc

index b4306940beccf0540f59c5117c858bfa89e23d24..79c1219e2d5e0142c5fe9dac3fab48effac7f4f9 100644 (file)
--- a/selftest/knownfail_mit_kdc
+++ b/selftest/knownfail_mit_kdc
@@ -548,17 +548,3 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
  ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_sid_mismatch_nonexisting
  ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_requester_sid_mismatch_existing
  ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_requester_sid_mismatch_nonexisting
-#
-# PAC alignment tests
-#
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_7_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_8_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_9_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_11_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_12_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_13_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_15_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_16_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_17_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_19_chars
-^samba.tests.krb5.pac_align_tests.samba.tests.krb5.pac_align_tests.PacAlignTests.test_pac_align_20_chars
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c

index 4c91fe570819058f51d1310dead6d0b68c919dd2..10831671faca7521ad77bcc70f2edb709d279864 100644 (file)
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -109,6 +109,7 @@ NTSTATUS samba_get_upn_info_pac_blob(TALLOC_CTX *mem_ctx,
         union PAC_INFO pac_upn;
         enum ndr_err_code ndr_err;
         NTSTATUS nt_status;
+       bool ok;
  
         ZERO_STRUCT(pac_upn);
  
@@ -142,6 +143,11 @@ NTSTATUS samba_get_upn_info_pac_blob(TALLOC_CTX *mem_ctx,
                 return nt_status;
         }
  
+       ok = data_blob_pad(mem_ctx, upn_data, 8);
+       if (!ok) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
         return NT_STATUS_OK;
  }
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Fri, 10 Dec 2021 01:59:22 +0000 (14:59 +1300)
committer	Andrew Bartlett <abartlet@samba.org>
	Wed, 15 Dec 2021 03:41:32 +0000 (03:41 +0000)
lib/util/data_blob.c		patch \| blob \| blame \| history
lib/util/data_blob.h		patch \| blob \| blame \| history
selftest/knownfail_heimdal_kdc		patch \| blob \| blame \| history
selftest/knownfail_mit_kdc		patch \| blob \| blame \| history
source4/kdc/pac-glue.c		patch \| blob \| blame \| history