[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Thu Feb 18 17:12:47 MST 2010
The branch, master has been updated
via 91a4db6... More fixes for bug #7146 - Samba miss-parses authenticated RPC packets.
from 13533e1... s3-spoolss: add support for _spoolss_SetPrinter level 8.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 91a4db635802a391a560b739c996b5599a3df1a4
Author: Jeremy Allison <jra at samba.org>
Date: Thu Feb 18 16:12:04 2010 -0800
More fixes for bug #7146 - Samba miss-parses authenticated RPC packets.
Alignment space calculations are tricky :-).
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/srv_pipe.c | 47 +++++++++++++++++++++++++++--------------
1 files changed, 31 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 1c10525..23f947f 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1,7 +1,7 @@
/*
* Unix SMB/CIFS implementation.
* RPC Pipe client / server routines
- * Almost completely rewritten by (C) Jeremy Allison 2005.
+ * Almost completely rewritten by (C) Jeremy Allison 2005 - 2010
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -108,15 +108,9 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
return False;
}
- if (data_len_left % SERVER_NDR_PADDING_SIZE) {
- ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE);
- DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of %u\n",
- ss_padding_len ));
- }
-
+ /* Space available - not including padding. */
data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN -
- RPC_HDR_RESP_LEN - ss_padding_len - RPC_HDR_AUTH_LEN -
- NTLMSSP_SIG_SIZE;
+ RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - NTLMSSP_SIG_SIZE;
/*
* The amount we send is the minimum of the available
@@ -125,6 +119,19 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
data_len = MIN(data_len_left, data_space_available);
+ /* Work out any padding alignment requirements. */
+ if ((RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len) % SERVER_NDR_PADDING_SIZE) {
+ ss_padding_len = SERVER_NDR_PADDING_SIZE -
+ ((RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len) % SERVER_NDR_PADDING_SIZE);
+ DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of %u\n",
+ ss_padding_len ));
+ /* If we're over filling the packet, we need to make space
+ * for the padding at the end of the data. */
+ if (data_len + ss_padding_len > data_space_available) {
+ data_len -= SERVER_NDR_PADDING_SIZE;
+ }
+ }
+
/*
* Set up the alloc hint. This should be the data left to
* send.
@@ -329,14 +336,9 @@ static bool create_next_pdu_schannel(pipes_struct *p)
return False;
}
- if (data_len_left % SERVER_NDR_PADDING_SIZE) {
- ss_padding_len = SERVER_NDR_PADDING_SIZE - (data_len_left % SERVER_NDR_PADDING_SIZE);
- DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding of %u\n",
- ss_padding_len ));
- }
-
+ /* Space available - not including padding. */
data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN
- - RPC_HDR_RESP_LEN - ss_padding_len - RPC_HDR_AUTH_LEN
+ - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN
- RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN;
/*
@@ -346,6 +348,19 @@ static bool create_next_pdu_schannel(pipes_struct *p)
data_len = MIN(data_len_left, data_space_available);
+ /* Work out any padding alignment requirements. */
+ if ((RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len) % SERVER_NDR_PADDING_SIZE) {
+ ss_padding_len = SERVER_NDR_PADDING_SIZE -
+ ((RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len) % SERVER_NDR_PADDING_SIZE);
+ DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding of %u\n",
+ ss_padding_len ));
+ /* If we're over filling the packet, we need to make space
+ * for the padding at the end of the data. */
+ if (data_len + ss_padding_len > data_space_available) {
+ data_len -= SERVER_NDR_PADDING_SIZE;
+ }
+ }
+
/*
* Set up the alloc hint. This should be the data left to
* send.
--
Samba Shared Repository
More information about the samba-cvs
mailing list