NDR64 dcerpc_bind_ack unmarshalling failures

Stefan (metze) Metzmacher metze at samba.org
Tue Apr 3 12:07:02 MDT 2012


Hi David,

> On Tue, 03 Apr 2012 18:21:57 +0200
> "Stefan (metze) Metzmacher" <metze at samba.org> wrote:
> ...
>>> This is compiled by pidl into:
>>> static enum ndr_err_code ndr_pull_dcerpc_bind_ack(struct ndr_pull *ndr, int ndr_flags, struct dcerpc_bind_ack *r)
>>> {
>>> ...
>>>         if (ndr_flags & NDR_SCALARS) {
>>> ...
>>>                 { 
>>>                         uint32_t _flags_save_DATA_BLOB = ndr->flags;
>>>                         ndr_set_flags(&ndr->flags, LIBNDR_FLAG_REMAINING);
>>>                         NDR_CHECK(ndr_pull_DATA_BLOB(ndr, NDR_SCALARS, &r->auth_info));
>>>                         ndr->flags = _flags_save_DATA_BLOB;
>>>                 } 
>>>                 NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
>>>
>>> With the NDR_REMAINING flag set, ndr_pull_DATA_BLOB pulls all trailing
>>> packet bytes into r->auth_info, leaving ndr->offset == ndr->data_size.
>>> My Windows Server "8" Beta bind_ack response is 323 bytes which causes
>>> the subsequent ndr_pull_trailer_align() call to fail with
>>> NDR_ERR_BUFSIZE.
>>>
> ...
>>
>> What has that to do with NDR64? As far as I know NDR64 is only used for
>> the payload, not for the DCERPC pdus.
> 
> ndr_pull_trailer_align() only attempts to pull alignment bytes when
> NDR64 is in use.

We should not have NDR64 at that layer.

>> Can you post a capture?
> 
> Sure:
> http://samba.org/~ddiss/ndr64_dcerpc_bind_with_alignment_pull.cap

Does this fix the problem for you?

https://gitweb.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=05ceb53dda1ac5e17c02dc42018636312cde2170

metze
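
The sequence the thread describes (auth_info pulled with LIBNDR_FLAG_REMAINING, leaving offset == data_size, then ndr_pull_trailer_align() only doing work under NDR64) can be reproduced in a cut-down model. The block below is an added example, not Samba's libndr code or the pidl output quoted above: the flag bit values, the struct layouts, the helper names (pull_data_blob, pull_align, pull_trailer_align, pull_bind_ack_tail) and the constructed zero-filled PDU with auth_info starting at offset 300 are all assumptions; only the alignment arithmetic and the "trailer alignment is NDR64-only" rule follow the behaviour discussed in the mail.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: a cut-down model of the libndr pull path discussed in the
 * thread.  It is not Samba code; the flag bit values, the struct layout and
 * the sample PDU geometry are assumptions chosen for illustration. */
#define LIBNDR_FLAG_NDR64     (1u << 0)   /* assumed bit value */
#define LIBNDR_FLAG_REMAINING (1u << 1)   /* assumed bit value */

enum ndr_err_code {
	NDR_ERR_SUCCESS = 0,
	NDR_ERR_BUFSIZE = 1
};

struct ndr_pull {
	const uint8_t *data;
	uint32_t data_size;   /* total PDU length */
	uint32_t offset;      /* current read position */
	uint32_t flags;
};

struct data_blob {
	const uint8_t *data;
	uint32_t length;
};

/* With LIBNDR_FLAG_REMAINING the blob is everything left in the buffer,
 * which is why the pull leaves offset == data_size. */
static enum ndr_err_code pull_data_blob(struct ndr_pull *ndr, struct data_blob *out)
{
	if (!(ndr->flags & LIBNDR_FLAG_REMAINING)) {
		return NDR_ERR_BUFSIZE; /* other blob encodings are out of scope here */
	}
	out->data = ndr->data + ndr->offset;
	out->length = ndr->data_size - ndr->offset;
	ndr->offset = ndr->data_size;
	return NDR_ERR_SUCCESS;
}

/* Round offset up to the next multiple of size and fail if that runs past
 * the end of the buffer. */
static enum ndr_err_code pull_align(struct ndr_pull *ndr, uint32_t size)
{
	ndr->offset = (ndr->offset + (size - 1)) & ~(size - 1);
	if (ndr->offset > ndr->data_size) {
		return NDR_ERR_BUFSIZE;
	}
	return NDR_ERR_SUCCESS;
}

/* Trailer alignment is an NDR64 rule; without the flag it is a no-op. */
static enum ndr_err_code pull_trailer_align(struct ndr_pull *ndr, uint32_t size)
{
	if (ndr->flags & LIBNDR_FLAG_NDR64) {
		return pull_align(ndr, size);
	}
	return NDR_ERR_SUCCESS;
}

/* Model the tail of the generated ndr_pull_dcerpc_bind_ack(): pull auth_info
 * with REMAINING set, restore the flags, then trailer-align to 4.
 * pdu_len is the PDU size, auth_offset where auth_info starts, and ndr64
 * whether LIBNDR_FLAG_NDR64 is (wrongly, per the thread) set on the context. */
static enum ndr_err_code pull_bind_ack_tail(uint32_t pdu_len, uint32_t auth_offset, int ndr64)
{
	static uint8_t pdu[1024];          /* constructed zero-filled sample PDU */
	struct ndr_pull ndr;
	struct data_blob auth_info;
	uint32_t flags_save;
	enum ndr_err_code err;

	if (pdu_len > sizeof(pdu) || auth_offset > pdu_len) {
		return NDR_ERR_BUFSIZE;
	}
	memset(pdu, 0, sizeof(pdu));
	ndr.data = pdu;
	ndr.data_size = pdu_len;
	ndr.offset = auth_offset;
	ndr.flags = ndr64 ? LIBNDR_FLAG_NDR64 : 0;

	flags_save = ndr.flags;
	ndr.flags |= LIBNDR_FLAG_REMAINING;
	err = pull_data_blob(&ndr, &auth_info);
	ndr.flags = flags_save;
	if (err != NDR_ERR_SUCCESS) {
		return err;
	}
	return pull_trailer_align(&ndr, 4);
}

int main(void)
{
	/* 323-byte PDU as in the report: fails only when NDR64 is set. */
	printf("323 bytes, NDR64 set:   %s\n",
	       pull_bind_ack_tail(323, 300, 1) == NDR_ERR_BUFSIZE ? "NDR_ERR_BUFSIZE" : "ok");
	printf("323 bytes, NDR64 clear: %s\n",
	       pull_bind_ack_tail(323, 300, 0) == NDR_ERR_BUFSIZE ? "NDR_ERR_BUFSIZE" : "ok");
	/* A length that is a multiple of 4 hides the problem even with NDR64 set. */
	printf("324 bytes, NDR64 set:   %s\n",
	       pull_bind_ack_tail(324, 300, 1) == NDR_ERR_BUFSIZE ? "NDR_ERR_BUFSIZE" : "ok");
	return 0;
}
```

The third case is the practical check: a bind_ack whose length happens to be a multiple of 4 passes the trailer alignment even with NDR64 set on the context, so the failure only surfaces with odd-sized PDUs such as the 323-byte response in the report. Clearing NDR64 at the DCERPC PDU layer makes the trailer alignment a no-op regardless of length.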


More information about the samba-technical mailing list