Patches for https://bugzilla.samba.org/show_bug.cgi?id=11061
Andrew Bartlett
abartlet at samba.org
Mon Jun 22 16:49:43 MDT 2015
On Mon, 2015-06-22 at 22:23 +0200, Stefan (metze) Metzmacher wrote:
> Hi,
>
> here're patches for https://bugzilla.samba.org/show_bug.cgi?id=11061
>
> The problem is that the source3 rpc server uses 8 byte aligned
> padding
> relative
> to the pdu start, while windows uses 16 byte aligned padding relative
> to the
> payload start. The heimdal gss_wrap() (called in
> gensec_gssapi_seal_packet()) code assumes the windows behaviour when
> working in dce_style mode. Otherwise is generated a too short
> signature
> 68 bytes in this cases instead of the expected 76 bytes returned by
> gensec_gssapi_sig_size().
>
> Please review and push.
The patches look good, as much as I've been able to understand them,
but my concern is this:
How did this break, and how can we test this to ensure we don't break
it again in the future?
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Development and Support, Catalyst IT http://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150623/752ee555/attachment.pgp>
More information about the samba-technical
mailing list