From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 16 Jul 2015 20:46:05 +0000 (+0200)
Subject: CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
X-Git-Tag: samba-4.2.10~95
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=17d9204bb239de2b3ec85e953afb754d18c482c5;p=thirdparty%2Fsamba.git

CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl
index f7bf59542b2..015eb3d1815 100644
--- a/librpc/idl/dcerpc.idl
+++ b/librpc/idl/dcerpc.idl
@@ -532,8 +532,10 @@ interface dcerpc
 	const uint8 DCERPC_PFC_OFFSET      =  3;
 	const uint8 DCERPC_DREP_OFFSET     =  4;
 	const uint8 DCERPC_FRAG_LEN_OFFSET =  8;
+	const uint32 DCERPC_FRAG_MAX_SIZE  = 5840;
 	const uint8 DCERPC_AUTH_LEN_OFFSET = 10;
 	const uint8 DCERPC_NCACN_PAYLOAD_OFFSET = 16;
+	const uint32 DCERPC_NCACN_PAYLOAD_MAX_SIZE = 0x400000; /* 4 MByte */
 
 	/* little-endian flag */
 	const uint8 DCERPC_DREP_LE  = 0x10;