1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state

This matches Windows (at least Server 2012_R2).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Stefan Metzmacher 2020-11-11 17:03:29 +01:00 committed by Andreas Schneider
parent 55dd8bdb05
commit 86808d66f3
2 changed files with 17 additions and 10 deletions

View File

@ -1758,6 +1758,7 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
const DATA_BLOB in, TALLOC_CTX *mem_ctx, const DATA_BLOB in, TALLOC_CTX *mem_ctx,
DATA_BLOB *full_in) DATA_BLOB *full_in)
{ {
DATA_BLOB consume = data_blob_null;
struct spnego_state *spnego_state = struct spnego_state *spnego_state =
talloc_get_type_abort(gensec_security->private_data, talloc_get_type_abort(gensec_security->private_data,
struct spnego_state); struct spnego_state);
@ -1824,17 +1825,26 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
return NT_STATUS_INVALID_PARAMETER; return NT_STATUS_INVALID_PARAMETER;
} }
consume = in;
expected = spnego_state->in_needed - spnego_state->in_frag.length; expected = spnego_state->in_needed - spnego_state->in_frag.length;
if (in.length > expected) { if (consume.length > expected) {
if (spnego_state->state_position != SPNEGO_SERVER_START) {
/*
* we got more than expected
*/
return NT_STATUS_INVALID_PARAMETER;
}
/* /*
* we got more than expected * In SPNEGO_SERVER_START we need to ignore unexpected
* bytes at the end.
*/ */
return NT_STATUS_INVALID_PARAMETER; consume.length = expected;
} }
if (in.length == spnego_state->in_needed) { if (consume.length == spnego_state->in_needed) {
/* /*
* if the in.length contains the full blob * if the consume.length contains the full blob
* we are done. * we are done.
* *
* Note: this implies spnego_state->in_frag.length == 0, * Note: this implies spnego_state->in_frag.length == 0,
@ -1842,13 +1852,13 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
* because we already know that we did not get * because we already know that we did not get
* more than expected. * more than expected.
*/ */
*full_in = in; *full_in = consume;
spnego_state->in_needed = 0; spnego_state->in_needed = 0;
return NT_STATUS_OK; return NT_STATUS_OK;
} }
ok = data_blob_append(spnego_state, &spnego_state->in_frag, ok = data_blob_append(spnego_state, &spnego_state->in_frag,
in.data, in.length); consume.data, consume.length);
if (!ok) { if (!ok) {
return NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY;
} }

View File

@ -1,7 +1,4 @@
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_alter
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_auth3
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_auth3 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_auth3
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_alter
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_auth3 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_auth3