s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload

The sig_size could differ depending on the aligment/padding.
So should use the same alignment as we use for the payload.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 16f3837e026e4cae135bbdddf09b44a02af25b05)

diff --git a/source4/rpc_server/common/reply.c b/source4/rpc_server/common/reply.c
index 42830ef225fc05950c46573fb699038b17eb198c..007b68083bf017da041ae0513306b6bfc83c6a3a 100644 (file)
--- a/source4/rpc_server/common/reply.c
+++ b/source4/rpc_server/common/reply.c
@@ -187,8 +187,13 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call)
        chunk_size -= DCERPC_REQUEST_LENGTH;
        if (call->conn->auth_state.auth_info &&
            call->conn->auth_state.gensec_security) {
+               size_t max_payload = chunk_size;
+
+               max_payload -= DCERPC_AUTH_TRAILER_LENGTH;
+               max_payload -= (max_payload % DCERPC_AUTH_PAD_ALIGNMENT);
+
                sig_size = gensec_sig_size(call->conn->auth_state.gensec_security,
-                                          call->conn->cli_max_recv_frag);
+                                          max_payload);
                if (sig_size) {
                        chunk_size -= DCERPC_AUTH_TRAILER_LENGTH;
                        chunk_size -= sig_size;