sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-10-23 11:33:16 +03:00
Code Activity

r19502: fixed the RPC-SECRETS test with kerberos. Andrew, can you look at this

Browse Source 
as well?

The server side change is needed to fix a valgrind error, which was
possibly exploitable if the client sent deliberately bad data
This commit is contained in:
Andrew Tridgell
2006-10-28 04:17:43 +00:00
committed by Gerald (Jerry) Carter
parent c260b17568
commit e3c04cf165
2 changed files with 20 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
source/rpc_server/dcesrv_auth.c
View File

@@ -470,19 +470,14 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
&creds2);
if (NT_STATUS_IS_OK(status)) {
status = data_blob_realloc(call, blob,
blob->length - dce_conn->auth_state.auth_info->credentials.length +
creds2.length);
}
if (NT_STATUS_IS_OK(status)) {
memcpy(blob->data + blob->length - dce_conn->auth_state.auth_info->credentials.length,
creds2.data, creds2.length);
blob->length -= dce_conn->auth_state.auth_info->credentials.length;
status = data_blob_append(call, blob, creds2.data, creds2.length);
}
/* If we did AEAD signing of the packet headers, then we hope
* this value didn't change... */
dcerpc_set_auth_length(blob, creds2.length);
dcerpc_set_frag_length(blob, dcerpc_get_frag_length(blob)+creds2.length);
data_blob_free(&creds2);
break;
@@ -495,20 +490,14 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
blob->length - dce_conn->auth_state.auth_info->credentials.length,
&creds2);
if (NT_STATUS_IS_OK(status)) {
status = data_blob_realloc(call, blob,
blob->length - dce_conn->auth_state.auth_info->credentials.length +
creds2.length);
}
if (NT_STATUS_IS_OK(status)) {
memcpy(blob->data + blob->length - dce_conn->auth_state.auth_info->credentials.length,
creds2.data, creds2.length);
blob->length -= dce_conn->auth_state.auth_info->credentials.length;
status = data_blob_append(call, blob, creds2.data, creds2.length);
}
/* If we did AEAD signing of the packet headers, then we hope
* this value didn't change... */
dcerpc_set_auth_length(blob, creds2.length);
dcerpc_set_frag_length(blob, dcerpc_get_frag_length(blob)+creds2.length);
data_blob_free(&creds2);
break;