mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
dcerpc.idl: accept invalid dcerpc_bind_nak pdus
Older Samba versions (<= 4.1) had a bug in the dcerpc_bind_nak
idl, see commit f73ef3028c
.
Note: ndr_pull_dcerpc_bind_nak() was generated by pidl and
has been extended by the (_available == 0) check.
That's why we ignore the 80 char per line limit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11327
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 21 20:34:28 CEST 2015 on sn-devel-104
This commit is contained in:
parent
7cf45539da
commit
38d547bc0d
@ -114,7 +114,7 @@ interface dcerpc
|
|||||||
[flag(NDR_REMAINING)] DATA_BLOB auth_info;
|
[flag(NDR_REMAINING)] DATA_BLOB auth_info;
|
||||||
} dcerpc_bind_ack;
|
} dcerpc_bind_ack;
|
||||||
|
|
||||||
typedef [enum16bit] enum {
|
typedef [public,enum16bit] enum {
|
||||||
DCERPC_BIND_NAK_REASON_NOT_SPECIFIED = 0,
|
DCERPC_BIND_NAK_REASON_NOT_SPECIFIED = 0,
|
||||||
DCERPC_BIND_NAK_REASON_TEMPORARY_CONGESTION = 1,
|
DCERPC_BIND_NAK_REASON_TEMPORARY_CONGESTION = 1,
|
||||||
DCERPC_BIND_NAK_REASON_LOCAL_LIMIT_EXCEEDED = 2,
|
DCERPC_BIND_NAK_REASON_LOCAL_LIMIT_EXCEEDED = 2,
|
||||||
@ -128,12 +128,12 @@ interface dcerpc
|
|||||||
const int DCERPC_BIND_REASON_INVALID_AUTH_TYPE =
|
const int DCERPC_BIND_REASON_INVALID_AUTH_TYPE =
|
||||||
DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE;
|
DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE;
|
||||||
|
|
||||||
typedef struct {
|
typedef [public] struct {
|
||||||
uint8 rpc_vers; /* RPC version */
|
uint8 rpc_vers; /* RPC version */
|
||||||
uint8 rpc_vers_minor; /* Minor version */
|
uint8 rpc_vers_minor; /* Minor version */
|
||||||
} dcerpc_bind_nak_version;
|
} dcerpc_bind_nak_version;
|
||||||
|
|
||||||
typedef struct {
|
typedef [public,nopull] struct {
|
||||||
dcerpc_bind_nak_reason reject_reason;
|
dcerpc_bind_nak_reason reject_reason;
|
||||||
uint8 num_versions;
|
uint8 num_versions;
|
||||||
dcerpc_bind_nak_version versions[num_versions];
|
dcerpc_bind_nak_version versions[num_versions];
|
||||||
|
@ -24,6 +24,55 @@
|
|||||||
#include "librpc/gen_ndr/ndr_dcerpc.h"
|
#include "librpc/gen_ndr/ndr_dcerpc.h"
|
||||||
#include "librpc/gen_ndr/ndr_misc.h"
|
#include "librpc/gen_ndr/ndr_misc.h"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This function was generated by pidl and
|
||||||
|
* has been extended by the (_available == 0) check.
|
||||||
|
*
|
||||||
|
* That's why we ignore the 80 char per line limit.
|
||||||
|
*/
|
||||||
|
enum ndr_err_code ndr_pull_dcerpc_bind_nak(struct ndr_pull *ndr, int ndr_flags, struct dcerpc_bind_nak *r)
|
||||||
|
{
|
||||||
|
uint32_t size_versions_0 = 0;
|
||||||
|
uint32_t cntr_versions_0;
|
||||||
|
TALLOC_CTX *_mem_save_versions_0 = NULL;
|
||||||
|
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
|
||||||
|
if (ndr_flags & NDR_SCALARS) {
|
||||||
|
uint32_t _available;
|
||||||
|
NDR_CHECK(ndr_pull_align(ndr, 4));
|
||||||
|
NDR_CHECK(ndr_pull_dcerpc_bind_nak_reason(ndr, NDR_SCALARS, &r->reject_reason));
|
||||||
|
_available = ndr->data_size - ndr->offset;
|
||||||
|
if (_available == 0) {
|
||||||
|
/*
|
||||||
|
* This works around a bug in older
|
||||||
|
* Samba (<= 4.1) releases.
|
||||||
|
*
|
||||||
|
* See bug #11327.
|
||||||
|
*/
|
||||||
|
r->num_versions = 0;
|
||||||
|
} else {
|
||||||
|
NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_versions));
|
||||||
|
}
|
||||||
|
size_versions_0 = r->num_versions;
|
||||||
|
NDR_PULL_ALLOC_N(ndr, r->versions, size_versions_0);
|
||||||
|
_mem_save_versions_0 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||||
|
NDR_PULL_SET_MEM_CTX(ndr, r->versions, 0);
|
||||||
|
for (cntr_versions_0 = 0; cntr_versions_0 < (size_versions_0); cntr_versions_0++) {
|
||||||
|
NDR_CHECK(ndr_pull_dcerpc_bind_nak_version(ndr, NDR_SCALARS, &r->versions[cntr_versions_0]));
|
||||||
|
}
|
||||||
|
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_versions_0, 0);
|
||||||
|
{
|
||||||
|
uint32_t _flags_save_DATA_BLOB = ndr->flags;
|
||||||
|
ndr_set_flags(&ndr->flags, LIBNDR_FLAG_REMAINING);
|
||||||
|
NDR_CHECK(ndr_pull_DATA_BLOB(ndr, NDR_SCALARS, &r->_pad));
|
||||||
|
ndr->flags = _flags_save_DATA_BLOB;
|
||||||
|
}
|
||||||
|
NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
|
||||||
|
}
|
||||||
|
if (ndr_flags & NDR_BUFFERS) {
|
||||||
|
}
|
||||||
|
return NDR_ERR_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
const uint8_t DCERPC_SEC_VT_MAGIC[] = {0x8a,0xe3,0x13,0x71,0x02,0xf4,0x36,0x71};
|
const uint8_t DCERPC_SEC_VT_MAGIC[] = {0x8a,0xe3,0x13,0x71,0x02,0xf4,0x36,0x71};
|
||||||
|
|
||||||
_PUBLIC_ enum ndr_err_code ndr_push_dcerpc_sec_vt_count(struct ndr_push *ndr, int ndr_flags, const struct dcerpc_sec_vt_count *r)
|
_PUBLIC_ enum ndr_err_code ndr_push_dcerpc_sec_vt_count(struct ndr_push *ndr, int ndr_flags, const struct dcerpc_sec_vt_count *r)
|
||||||
|
Loading…
Reference in New Issue
Block a user