librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
authorStefan Metzmacher <metze@samba.org>
Mon, 20 Jun 2016 14:26:56 +0000 (16:26 +0200)
committerKarolin Seeger <kseeger@samba.org>
Thu, 4 Aug 2016 08:59:19 +0000 (10:59 +0200)
This is a workaround for a bug in old Samba releases.
For BIND_ACK <= 3.5.x and for ALTER_RESP <= 4.2.x (see bug #11061).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit aef032302863e5f3a888dbf4c52b21d561a0dff4)

librpc/rpc/dcerpc_util.c

index ee7b30779c467ae519077a9a7f27f1a9033460a2..df149481559e1b72caaa6397b3ff1c43737bdb9e 100644 (file)
@@ -194,6 +194,22 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
                return NT_STATUS_RPC_PROTOCOL_ERROR;
        }
 
+       /*
+        * This is a workarround for a bug in old
+        * Samba releases. For BIND_ACK <= 3.5.x
+        * and for ALTER_RESP <= 4.2.x (see bug #11061)
+        *
+        * See also bug #11982.
+        */
+       if (auth_data_only && data_and_pad == 0 &&
+           auth->auth_pad_length > 0) {
+               /*
+                * we need to ignore invalid auth_pad_length
+                * values for BIND_*, ALTER_* and AUTH3 pdus.
+                */
+               auth->auth_pad_length = 0;
+       }
+
        if (data_and_pad < auth->auth_pad_length) {
                DEBUG(1, (__location__ ": ERROR: pad length mismatch. "
                          "Calculated %u  got %u\n",