1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-03 01:18:10 +03:00

gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state

This matches Windows (at least Server 2012_R2).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 86808d66f3)
This commit is contained in:
Stefan Metzmacher 2020-11-11 17:03:29 +01:00 committed by Jule Anger
parent a7742b3519
commit 70889a5f2f
2 changed files with 17 additions and 10 deletions

View File

@ -1775,6 +1775,7 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
const DATA_BLOB in, TALLOC_CTX *mem_ctx,
DATA_BLOB *full_in)
{
DATA_BLOB consume = data_blob_null;
struct spnego_state *spnego_state =
talloc_get_type_abort(gensec_security->private_data,
struct spnego_state);
@ -1841,17 +1842,26 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
return NT_STATUS_INVALID_PARAMETER;
}
consume = in;
expected = spnego_state->in_needed - spnego_state->in_frag.length;
if (in.length > expected) {
if (consume.length > expected) {
if (spnego_state->state_position != SPNEGO_SERVER_START) {
/*
* we got more than expected
*/
return NT_STATUS_INVALID_PARAMETER;
}
/*
* we got more than expected
* In SPNEGO_SERVER_START we need to ignore unexpected
* bytes at the end.
*/
return NT_STATUS_INVALID_PARAMETER;
consume.length = expected;
}
if (in.length == spnego_state->in_needed) {
if (consume.length == spnego_state->in_needed) {
/*
* if the in.length contains the full blob
* if the consume.length contains the full blob
* we are done.
*
* Note: this implies spnego_state->in_frag.length == 0,
@ -1859,13 +1869,13 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
* because we already know that we did not get
* more than expected.
*/
*full_in = in;
*full_in = consume;
spnego_state->in_needed = 0;
return NT_STATUS_OK;
}
ok = data_blob_append(spnego_state, &spnego_state->in_frag,
in.data, in.length);
consume.data, consume.length);
if (!ok) {
return NT_STATUS_NO_MEMORY;
}

View File

@ -1,7 +1,4 @@
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_alter
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_auth3
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_auth3
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_alter
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_auth3