mirror of
https://github.com/samba-team/samba.git
synced 2025-01-18 06:04:06 +03:00
gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state
This matches Windows (at least Server 2012_R2). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 86808d66f30136850f857b749e768c88de3a079f)
This commit is contained in:
parent
a7742b3519
commit
70889a5f2f
@ -1775,6 +1775,7 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
|
||||
const DATA_BLOB in, TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB *full_in)
|
||||
{
|
||||
DATA_BLOB consume = data_blob_null;
|
||||
struct spnego_state *spnego_state =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct spnego_state);
|
||||
@ -1841,17 +1842,26 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
consume = in;
|
||||
expected = spnego_state->in_needed - spnego_state->in_frag.length;
|
||||
if (in.length > expected) {
|
||||
if (consume.length > expected) {
|
||||
if (spnego_state->state_position != SPNEGO_SERVER_START) {
|
||||
/*
|
||||
* we got more than expected
|
||||
*/
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
if (in.length == spnego_state->in_needed) {
|
||||
/*
|
||||
* if the in.length contains the full blob
|
||||
* In SPNEGO_SERVER_START we need to ignore unexpected
|
||||
* bytes at the end.
|
||||
*/
|
||||
consume.length = expected;
|
||||
}
|
||||
|
||||
if (consume.length == spnego_state->in_needed) {
|
||||
/*
|
||||
* if the consume.length contains the full blob
|
||||
* we are done.
|
||||
*
|
||||
* Note: this implies spnego_state->in_frag.length == 0,
|
||||
@ -1859,13 +1869,13 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
|
||||
* because we already know that we did not get
|
||||
* more than expected.
|
||||
*/
|
||||
*full_in = in;
|
||||
*full_in = consume;
|
||||
spnego_state->in_needed = 0;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
ok = data_blob_append(spnego_state, &spnego_state->in_frag,
|
||||
in.data, in.length);
|
||||
consume.data, consume.length);
|
||||
if (!ok) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
@ -1,7 +1,4 @@
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_alter
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_auth3
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_auth3
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_alter
|
||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_auth3
|
||||
|
Loading…
x
Reference in New Issue
Block a user