From 6309b9a770cd254cfd0ade0b68259628551d2cd6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 11 Nov 2020 17:07:54 +0100 Subject: [PATCH] dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter, auth3 Sometimes Windows sends 3 presentation contexts (NDR32, NDR64, BindTimeFeatureNegotiation) in the first BIND of an association. Binding an additional connection to the association seems to reuse the BIND buffer and just changes the num_contexts field from 3 to 2 and leaves the BindTimeFeatureNegotiation context as padding in places. Note, the auth_pad_length field is send as 0 in that case, which means we need to ignore it completely, as well as any padding before the auth header. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 85b2dcd93848a590727dac243e8eb3614be75fad)
---
 librpc/rpc/dcerpc_util.c | 33 ++-------------------------- selftest/knownfail.d/dcerpc-auth-pad | 6 ----- 2 files changed, 2 insertions(+), 37 deletions(-)
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index ffe80f3182d..3258480087e 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -361,10 +361,9 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
 *
 * See also bug #11982.
 */
- if (auth_data_only && data_and_pad == 0 &&
- auth->auth_pad_length > 0) {
+ if (auth_data_only) {
 /*
- * we need to ignore invalid auth_pad_length
+ * We need to ignore auth_pad_length
 * values for BIND_*, ALTER_* and AUTH3 pdus.
 */
 auth->auth_pad_length = 0;
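Review bot: The rewritten comment inside `if (auth_data_only)` only says that auth_pad_length is ignored, but with the two mismatch checks removed in the next hunk, any data_and_pad bytes in front of the auth header are now also accepted unchecked on BIND, ALTER and AUTH3. Since this deliberately relaxes input validation on the PDUs that set up authentication, the comment should record the reason and the scope, e.g. `* Windows may leave a stale presentation context as padding and send auth_pad_length = 0 (bug #14356), so data_and_pad is intentionally not validated here.` The surviving `DBG_DEBUG("auth_pad_length ...")` will always print 0 for these PDUs, so it may be worth logging the skipped length as well, `DBG_DEBUG("auth_data_only: ignoring %"PRIu16" bytes before auth header\n", data_and_pad);`, to keep oversized trailers visible in traces. Whether the ignored bytes are ever parsed by callers cannot be seen from here; the function body starts and ends outside the hunk.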
@@ -384,34 +383,6 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
 return NT_STATUS_RPC_PROTOCOL_ERROR;
 }
- if (auth_data_only && data_and_pad > auth->auth_pad_length) {
- DBG_WARNING(__location__ ": ERROR: auth_data_only pad length mismatch. "
- "Client sent a longer BIND packet than expected by %"PRIu16" bytes "
- "(pkt_trailer->length=%zu - auth_length=%"PRIu16") "
- "= %"PRIu16" auth_pad_length=%"PRIu8"\n",
- data_and_pad - auth->auth_pad_length,
- pkt_trailer->length,
- auth_length,
- data_and_pad,
- auth->auth_pad_length);
- talloc_free(ndr);
- ZERO_STRUCTP(auth);
- return NT_STATUS_RPC_PROTOCOL_ERROR;
- }
-
- if (auth_data_only && data_and_pad != auth->auth_pad_length) {
- DBG_WARNING(__location__ ": ERROR: auth_data_only pad length mismatch. "
- "Calculated %"PRIu16" (pkt_trailer->length=%zu - auth_length=%"PRIu16") "
- "but auth_pad_length=%"PRIu8"\n",
- data_and_pad,
- pkt_trailer->length,
- auth_length,
- auth->auth_pad_length);
- talloc_free(ndr);
- ZERO_STRUCTP(auth);
- return NT_STATUS_RPC_PROTOCOL_ERROR;
- }
-
 DBG_DEBUG("auth_pad_length %"PRIu8"\n",
 auth->auth_pad_length);
diff --git a/selftest/knownfail.d/dcerpc-auth-pad b/selftest/knownfail.d/dcerpc-auth-pad
index ae54bd75cc9..29a7fcc48fd 100644
--- a/selftest/knownfail.d/dcerpc-auth-pad
+++ b/selftest/knownfail.d/dcerpc-auth-pad
@@ -1,11 +1,5 @@
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_ntlm_alter
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_ntlm_auth3
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_alter
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_auth3
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_ntlm_alter
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_ntlm_auth3
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_spnego_alter
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_spnego_auth3
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_alter
-- 2.47.2