NDR64 dcerpc_bind_ack unmarshalling failures
David Disseldorp
ddiss at suse.de
Tue Apr 3 09:18:43 MDT 2012
Hi,
NDR64 DCERPC binds currently fail against Windows Server "8" Beta due
to errors when unmarshalling bind_ack PDUs.
dcerpc bind ack is currently defined as follows:
typedef struct {
        uint16 max_xmit_frag;
        uint16 max_recv_frag;
        uint32 assoc_group_id;
        [value(strlen(secondary_address)+1)] uint16 secondary_address_size;
        [charset(DOS)] uint8 secondary_address[secondary_address_size];
        [flag(NDR_ALIGN4)] DATA_BLOB _pad1;
        uint8 num_results;
        dcerpc_ack_ctx ctx_list[num_results];
        [flag(NDR_REMAINING)] DATA_BLOB auth_info;
} dcerpc_bind_ack;
This is compiled by pidl into:
static enum ndr_err_code ndr_pull_dcerpc_bind_ack(struct ndr_pull *ndr, int ndr_flags, struct dcerpc_bind_ack *r)
{
        ...
        if (ndr_flags & NDR_SCALARS) {
                ...
                {
                        uint32_t _flags_save_DATA_BLOB = ndr->flags;
                        ndr_set_flags(&ndr->flags, LIBNDR_FLAG_REMAINING);
                        NDR_CHECK(ndr_pull_DATA_BLOB(ndr, NDR_SCALARS, &r->auth_info));
                        ndr->flags = _flags_save_DATA_BLOB;
                }
                NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
With the NDR_REMAINING flag set, ndr_pull_DATA_BLOB pulls all trailing
packet bytes into r->auth_info, leaving ndr->offset == ndr->data_size.
My Windows Server "8" Beta bind_ack response is 323 bytes which causes
the subsequent ndr_pull_trailer_align() call to fail with
NDR_ERR_BUFSIZE.
Removing ndr_pull_trailer_align() from ParseStructPullPrimitives()
results in successful NDR64 bind_ack unmarshalling and allows the
bind to complete; however, this appears to be contrary to MS-RPCE
2.2.5.3.4.1 requirements.
Any IDL experts able to point me in the right direction here?
Cheers, David
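The failure sequence described in the post, replayed as an added toy model (not libndr's code, and not from the Samba project): a NDR_REMAINING pull moves the cursor to the end of the PDU, and a 4-byte trailer align on a 323-byte PDU then has nowhere to go. The struct, function and enum names are hypothetical stand-ins for the real ndr_pull machinery.

```c
#include <stdint.h>

/* Toy model of libndr's pull state, constructed for this example only. */
enum ndr_err { NDR_ERR_SUCCESS = 0, NDR_ERR_BUFSIZE = 1 };

struct ndr_pull_model {
    const uint8_t *data;
    uint32_t data_size;   /* total PDU length */
    uint32_t offset;      /* next byte to consume */
};

/* LIBNDR_FLAG_REMAINING semantics: the blob takes every byte left in the
 * PDU, so the cursor always ends at data_size. */
static enum ndr_err pull_remaining_blob(struct ndr_pull_model *ndr,
                                        uint32_t *blob_len)
{
    *blob_len = ndr->data_size - ndr->offset;
    ndr->offset = ndr->data_size;
    return NDR_ERR_SUCCESS;
}

/* Trailer alignment as modelled here: round the cursor up to a multiple of
 * 'align' and report BUFSIZE when that would step past the buffer end. */
static enum ndr_err trailer_align(struct ndr_pull_model *ndr, uint32_t align)
{
    uint32_t aligned = (ndr->offset + align - 1) & ~(align - 1);
    if (aligned > ndr->data_size) {
        return NDR_ERR_BUFSIZE;
    }
    ndr->offset = aligned;
    return NDR_ERR_SUCCESS;
}

/* Replay the tail of the generated pull function: the auth_info blob starts
 * at auth_offset inside a PDU of pdu_len bytes, then trailer-align to 4. */
enum ndr_err simulate_bind_ack_tail(uint32_t pdu_len, uint32_t auth_offset)
{
    static uint8_t pdu[1024];   /* constructed, zero-filled PDU body */
    struct ndr_pull_model ndr = { pdu, pdu_len, auth_offset };
    uint32_t auth_len;
    enum ndr_err err;
    if (pdu_len > sizeof(pdu) || auth_offset > pdu_len) {
        return NDR_ERR_BUFSIZE;
    }
    err = pull_remaining_blob(&ndr, &auth_len);
    if (err != NDR_ERR_SUCCESS) return err;
    return trailer_align(&ndr, 4);
}
```

A 323-byte PDU fails because the cursor sits at 323 and the next multiple of 4 is 324; pad the same PDU to 324 bytes and the align succeeds.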