diff --git a/auth/ntlmssp/ntlmssp.c b/auth/ntlmssp/ntlmssp.c
index 745f2628d21..c9360a5fa2d 100644
--- a/auth/ntlmssp/ntlmssp.c
+++ b/auth/ntlmssp/ntlmssp.c
@@ -36,6 +36,8 @@ struct auth_session_info;
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
+#define NTLMSSP_MAX_UPDATE_SIZE 2888
+
 /**
 * Callbacks for NTLMSSP - for both client and server operating modes
 *
@@ -136,6 +138,13 @@ static NTSTATUS gensec_ntlmssp_update_find(struct gensec_security *gensec_securi
 }
 }
+ if (input.length > NTLMSSP_MAX_UPDATE_SIZE) {
+ DBG_WARNING("reject large command=%u message, length %zu > %u)\n",
+ ntlmssp_command, input.length,
+ NTLMSSP_MAX_UPDATE_SIZE);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
 if (ntlmssp_command != gensec_ntlmssp->ntlmssp_state->expected_state) {
 DEBUG(2, ("got NTLMSSP command %u, expected %u\n", ntlmssp_command, gensec_ntlmssp->ntlmssp_state->expected_state));
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index a50ff661f5f..8c2a1f9c0aa 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -142,12 +142,6 @@ NTSTATUS gensec_ntlmssp_resume_ccache(struct gensec_security *gensec_security,
 /* parse the NTLMSSP packet */
- if (in.length > UINT16_MAX) {
- DEBUG(1, ("%s: reject large request of length %u\n",
- __func__, (unsigned int)in.length));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
 ok = msrpc_parse(ntlmssp_state, &in, "Cdd", "NTLMSSP", &ntlmssp_command,
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 1e49379a8ed..2e25c4efab5 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
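Review bot: `NTLMSSP_MAX_UPDATE_SIZE` in auth/ntlmssp/ntlmssp.c is added with no comment saying what it bounds or where 2888 comes from, which matters for a limit applied to peer-supplied input during authentication. I would put something like `/* Upper bound on one NTLMSSP token accepted by gensec_ntlmssp_update_find(); larger input is rejected with NT_STATUS_INVALID_PARAMETER. */` above the define, together with a reference for the value itself. The `_2889_` test names in selftest/knownfail.d/dcerpc-auth-pad suggest the value is pinned by the raw_protocol tests, but the diff does not say so.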
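Review bot: The format string of the added `DBG_WARNING` in gensec_ntlmssp_update_find ends with an unmatched closing parenthesis; it should read `"reject large command=%u message, length %zu > %u\n"`. This check also becomes the only length bound for the two paths whose `UINT16_MAX` checks are deleted in ntlmssp_client.c and ntlmssp_server.c, and because it logs `ntlmssp_command` it presumably runs after the message header has been parsed, whereas the old checks ran before `msrpc_parse`. A short comment stating that every NTLMSSP token reaches those functions through this check would make that dependency explicit. The same commit leaves `test_auth_pad_ntlm_2889_auth3` in selftest/knownfail.d/dcerpc-auth-pad, so the auth3 path apparently still does not behave as that test expects. The body of gensec_ntlmssp_update_find starts and ends outside the hunk.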
@@ -124,12 +124,6 @@ NTSTATUS gensec_ntlmssp_server_negotiate(struct gensec_security *gensec_security
 #endif
 if (request.length) {
- if (request.length > UINT16_MAX) {
- DEBUG(1, ("ntlmssp_server_negotiate: reject large request of length %u\n",
- (unsigned int)request.length));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
 if ((request.length < 16) || !msrpc_parse(ntlmssp_state, &request, "Cdd", "NTLMSSP", &ntlmssp_command,
diff --git a/selftest/knownfail.d/dcerpc-auth-pad b/selftest/knownfail.d/dcerpc-auth-pad
index e4fdd21e1dc..eab7637fc40 100644
--- a/selftest/knownfail.d/dcerpc-auth-pad
+++ b/selftest/knownfail.d/dcerpc-auth-pad
@@ -2,10 +2,6 @@
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_auth3
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_alter
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_auth3
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_bind
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_ntlm_alter
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_ntlm_auth3
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_alter
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_auth3