From: Stefan Metzmacher Date: Mon, 7 Aug 2023 14:16:27 +0000 (+0200) Subject: librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments without any... X-Git-Tag: tevent-0.16.0~1082 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c724a3e156ae734e4d187bf9639d895bb011834;p=thirdparty%2Fsamba.git librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments without any payload DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED don't have any payload by default. In order to receive them via dcerpc_read_ncacn_packet_send/recv we need to allow fragments with frag_len == DCERPC_NCACN_PAYLOAD_OFFSET. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke --- diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c index 0ecb2bff1fa..a3a734b0c09 100644 --- a/librpc/rpc/dcerpc_util.c +++ b/librpc/rpc/dcerpc_util.c @@ -565,9 +565,14 @@ static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context *stream, ofs = state->buffer.length; - if (frag_len < ofs) { + if (frag_len <= ofs) { /* - * something is wrong, let the caller deal with it + * With frag_len == ofs, we are done, this is likely + * a DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED + * without any payload. + * + * Otherwise it's a broken packet and we + * let the caller deal with it. */ *_vector = NULL; *_count = 0;