mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
gensec:ntlmssp: only allow messages up to 2888 bytes
This matches Windows (at least Server 2012_R2). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
parent
31a422b7e5
commit
55dd8bdb05
@ -36,6 +36,8 @@ struct auth_session_info;
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_AUTH
|
||||
|
||||
#define NTLMSSP_MAX_UPDATE_SIZE 2888
|
||||
|
||||
/**
|
||||
* Callbacks for NTLMSSP - for both client and server operating modes
|
||||
*
|
||||
@ -136,6 +138,13 @@ static NTSTATUS gensec_ntlmssp_update_find(struct gensec_security *gensec_securi
|
||||
}
|
||||
}
|
||||
|
||||
if (input.length > NTLMSSP_MAX_UPDATE_SIZE) {
|
||||
DBG_WARNING("reject large command=%u message, length %zu > %u)\n",
|
||||
ntlmssp_command, input.length,
|
||||
NTLMSSP_MAX_UPDATE_SIZE);
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
if (ntlmssp_command != gensec_ntlmssp->ntlmssp_state->expected_state) {
|
||||
DEBUG(2, ("got NTLMSSP command %u, expected %u\n", ntlmssp_command,
|
||||
gensec_ntlmssp->ntlmssp_state->expected_state));
|
||||
|
@ -142,12 +142,6 @@ NTSTATUS gensec_ntlmssp_resume_ccache(struct gensec_security *gensec_security,
|
||||
|
||||
/* parse the NTLMSSP packet */
|
||||
|
||||
if (in.length > UINT16_MAX) {
|
||||
DEBUG(1, ("%s: reject large request of length %u\n",
|
||||
__func__, (unsigned int)in.length));
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
ok = msrpc_parse(ntlmssp_state, &in, "Cdd",
|
||||
"NTLMSSP",
|
||||
&ntlmssp_command,
|
||||
|
@ -124,12 +124,6 @@ NTSTATUS gensec_ntlmssp_server_negotiate(struct gensec_security *gensec_security
|
||||
#endif
|
||||
|
||||
if (request.length) {
|
||||
if (request.length > UINT16_MAX) {
|
||||
DEBUG(1, ("ntlmssp_server_negotiate: reject large request of length %u\n",
|
||||
(unsigned int)request.length));
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
if ((request.length < 16) || !msrpc_parse(ntlmssp_state, &request, "Cdd",
|
||||
"NTLMSSP",
|
||||
&ntlmssp_command,
|
||||
|
@ -2,10 +2,6 @@
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_auth3
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_alter
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_auth3
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_bind
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_ntlm_alter
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_ntlm_auth3
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_alter
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_auth3
|
||||
|
Loading…
Reference in New Issue
Block a user