Patches for https://bugzilla.samba.org/show_bug.cgi?id=11061

Andrew Bartlett abartlet at samba.org
Mon Jun 22 16:49:43 MDT 2015


On Mon, 2015-06-22 at 22:23 +0200, Stefan (metze) Metzmacher wrote:
> Hi,
> 
> here're patches for https://bugzilla.samba.org/show_bug.cgi?id=11061
> 
> The problem is that the source3 rpc server uses 8 byte aligned 
> padding
> relative
> to the pdu start, while windows uses 16 byte aligned padding relative 
> to the
> payload start. The heimdal gss_wrap() (called in
> gensec_gssapi_seal_packet()) code assumes the windows behaviour when
> working in dce_style mode. Otherwise is generated a too short 
> signature
> 68 bytes in this cases instead of the expected 76 bytes returned by
> gensec_gssapi_sig_size().
> 
> Please review and push.

The patches look good, as much as I've been able to understand them,
but my concern is this:

How did this break, and how can we test this to ensure we don't break
it again in the future?

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team         http://samba.org
Samba Development and Support, Catalyst IT   http://catalyst.net.nz/services/samba





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150623/752ee555/attachment.pgp>


More information about the samba-technical mailing list