dcerpc_util: don't allow auth_padding for BIND, ALTER_CONTEXT and AUTH3 pdus

author Stefan Metzmacher <metze@samba.org>

Tue, 24 Sep 2024 07:32:24 +0000 (09:32 +0200)

committer Andreas Schneider <asn@cryptomilk.org>

Thu, 10 Oct 2024 14:01:04 +0000 (14:01 +0000)
author Stefan Metzmacher <metze@samba.org>
Tue, 24 Sep 2024 07:32:24 +0000 (09:32 +0200)
committer Andreas Schneider <asn@cryptomilk.org>
Thu, 10 Oct 2024 14:01:04 +0000 (14:01 +0000)
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c

index 75a49323078d94f9077fc81def89a25bfc427dc5..716252bd69d9224f386faeeb65466216cce6c7ab 100644 (file)
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -324,11 +324,20 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
          * protection for REQUEST and RESPONSE pdus, where the
          * auth_pad_length field is actually used by the caller.
          */
-       tmp_length = DCERPC_REQUEST_LENGTH;
-       tmp_length += DCERPC_AUTH_TRAILER_LENGTH;
-       tmp_length += pkt->auth_length;
-       if (tmp_length < pkt->frag_length) {
-               max_pad_len = pkt->frag_length - tmp_length;
+       switch (pkt->ptype) {
+       case DCERPC_PKT_BIND:
+       case DCERPC_PKT_ALTER:
+       case DCERPC_PKT_AUTH3:
+               max_pad_len = 0;
+               break;
+       default:
+               tmp_length = DCERPC_REQUEST_LENGTH;
+               tmp_length += DCERPC_AUTH_TRAILER_LENGTH;
+               tmp_length += pkt->auth_length;
+               if (tmp_length < pkt->frag_length) {
+                       max_pad_len = pkt->frag_length - tmp_length;
+               }
+               break;
         }
         if (max_pad_len < auth->auth_pad_length) {
                 DEBUG(1, (__location__ ": ERROR: pad length too large. "
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py

index 7787c968952a931f9aa88e72cca93ffae53e0c6b..3b046c27a28134fb1a303cdc5b6fc6591c4b9c8d 100755 (executable)
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -1370,12 +1370,10 @@ planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"
  
  planoldpythontestsuite("chgdcpass", "samba.tests.dcerpc.raw_protocol",
                         environ={"MAX_NUM_AUTH": "8",
-                                "ALLOW_BIND_AUTH_PAD": "1",
                                  "USERNAME": "$DC_USERNAME",
                                  "PASSWORD": "$DC_PASSWORD"})
  planoldpythontestsuite("ad_member", "samba.tests.dcerpc.raw_protocol",
                         environ={"MAX_NUM_AUTH": "8",
-                                "ALLOW_BIND_AUTH_PAD": "1",
                                  "AUTH_LEVEL_CONNECT_LSA": "1",
                                  "USERNAME": "$DC_USERNAME",
                                  "PASSWORD": "$DC_PASSWORD"})
author	Stefan Metzmacher <metze@samba.org>
	Tue, 24 Sep 2024 07:32:24 +0000 (09:32 +0200)
committer	Andreas Schneider <asn@cryptomilk.org>
	Thu, 10 Oct 2024 14:01:04 +0000 (14:01 +0000)
librpc/rpc/dcerpc_util.c		patch \| blob \| blame \| history
source4/selftest/tests.py		patch \| blob \| blame \| history