[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Thu May 26 19:13:37 MDT 2011
On Fri, 2011-05-27 at 02:58 +0200, Jeremy Allison wrote:
> The branch, master has been updated
> via e05c9cd Fix bug #6911 - Kerberos authentication from vista to samba fails when security blob size is greater than 16 kB
> from 875e29b s3: Document "async smb echo handler"
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>
>
> - Log -----------------------------------------------------------------
> commit e05c9cdcb6bf710ddb7d683916ca26857a3bce18
> Author: Jeremy Allison <jra at samba.org>
> Date: Thu May 26 16:48:42 2011 -0700
>
> Fix bug #6911 - Kerberos authentication from vista to samba fails when security blob size is greater than 16 kB
>
> We were not correctly checking the output of asn1_start_tag().
> asn1_start_tag() returns -1 and sets data->has_error if the
> remaining blob size is too short to contain the tag length.
> We were checking data->has_error and returning NT_STATUS_OK
> (to allow the second asn.1 parse to fail in that case). We
> should not be checking data->has_error in this case, but
> falling through to the code that already checks the length.
>
> Thanks to Jim for reproducing this for me. We don't get bitten
> by this as we announce a max buffer size of 16k, greater than
> Windows's 4k, which means that most krb5 spnego packets already
> fit.
>
> Jeremy.
>
> Autobuild-User: Jeremy Allison <jra at samba.org>
> Autobuild-Date: Fri May 27 02:57:27 CEST 2011 on sn-devel-104
How many groups did it take to make this fail?
I've already promised to write a test for this (I can add more groups to
the ktest environment I made the blobs for ktest with), but some details
will make that process easier.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list