[SCM] Samba Shared Repository - branch v3-2-test updated -
release-3-2-0pre2-3496-gf58a6c9
Jeremy Allison
jra at samba.org
Fri Mar 6 05:01:47 GMT 2009
The branch, v3-2-test has been updated
via f58a6c9e08b2b44399e0333b1358522aec70bbee (commit)
from 750f9d94b0a1208d45cc117df68042e1d83044bf (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit f58a6c9e08b2b44399e0333b1358522aec70bbee
Author: Jeremy Allison <jra at samba.org>
Date: Thu Mar 5 21:02:22 2009 -0800
Now we're allowing a lower bound for auth_len, ensure we
also check for an upper one (integer wrap).
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/rpc_server/srv_pipe.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index 65bc0ae..39868c5 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -2101,7 +2101,11 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
auth_len = p->hdr.auth_len;
- if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
+ if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN ||
+ auth_len < RPC_HEADER_LEN +
+ RPC_HDR_REQ_LEN +
+ RPC_HDR_AUTH_LEN +
+ auth_len) {
DEBUG(0,("Incorrect auth_len %u.\n", (unsigned int)auth_len ));
return False;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list