gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state
authorStefan Metzmacher <metze@samba.org>
Wed, 11 Nov 2020 16:03:29 +0000 (17:03 +0100)
committerJule Anger <janger@samba.org>
Thu, 7 Nov 2024 08:18:16 +0000 (08:18 +0000)
This matches Windows (at least Server 2012_R2).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 86808d66f30136850f857b749e768c88de3a079f)

auth/gensec/spnego.c
selftest/knownfail.d/dcerpc-auth-pad

index fcb5a06439e5534c66610ce33421f89fab269150..9b32088a6a4c3176262b18db483c57e0eb18ecfa 100644 (file)
@@ -1775,6 +1775,7 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
                                        const DATA_BLOB in, TALLOC_CTX *mem_ctx,
                                        DATA_BLOB *full_in)
 {
+       DATA_BLOB consume = data_blob_null;
        struct spnego_state *spnego_state =
                talloc_get_type_abort(gensec_security->private_data,
                struct spnego_state);
@@ -1841,17 +1842,26 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
+       consume = in;
        expected = spnego_state->in_needed - spnego_state->in_frag.length;
-       if (in.length > expected) {
+       if (consume.length > expected) {
+               if (spnego_state->state_position != SPNEGO_SERVER_START) {
+                       /*
+                        * we got more than expected
+                        */
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
                /*
-                * we got more than expected
+                * In SPNEGO_SERVER_START we need to ignore unexpected
+                * bytes at the end.
                 */
-               return NT_STATUS_INVALID_PARAMETER;
+               consume.length = expected;
        }
 
-       if (in.length == spnego_state->in_needed) {
+       if (consume.length == spnego_state->in_needed) {
                /*
-                * if the in.length contains the full blob
+                * if the consume.length contains the full blob
                 * we are done.
                 *
                 * Note: this implies spnego_state->in_frag.length == 0,
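Review bot: The truncation at `consume.length = expected;` discards the surplus bytes without leaving any trace, so a padded token that was accepted cannot later be told apart from a normal one when auditing or debugging. I would log the dropped count just before it, e.g. `DBG_DEBUG("ignoring %zu trailing bytes in SPNEGO_SERVER_START\n", consume.length - expected);` (this assumes `expected` is a `size_t`, as its declaration is outside the hunk). The comment should also carry the rationale, e.g. `/* Windows ignores bytes after the token here (bug 14356); the surplus is dropped, not buffered or passed on. */`. The exemption is keyed only on `state_position`, so it appears to apply to continuation fragments as well while the state is still SPNEGO_SERVER_START; if that is intended, the comment should say so. The body of gensec_spnego_update_in starts and ends outside this hunk, so how `in_needed` is derived and bounded is not visible here.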
@@ -1859,13 +1869,13 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
                 *       because we already know that we did not get
                 *       more than expected.
                 */
-               *full_in = in;
+               *full_in = consume;
                spnego_state->in_needed = 0;
                return NT_STATUS_OK;
        }
 
        ok = data_blob_append(spnego_state, &spnego_state->in_frag,
-                             in.data, in.length);
+                             consume.data, consume.length);
        if (!ok) {
                return NT_STATUS_NO_MEMORY;
        }
index eab7637fc407e9f408313aab3c98a40af40f6c95..cbfd1442c8648a057a538a09bd8e1e463fa1c156 100644 (file)
@@ -1,7 +1,4 @@
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_alter
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_auth3
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_auth3
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_alter
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_auth3