dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter,...
authorStefan Metzmacher <metze@samba.org>
Wed, 11 Nov 2020 16:07:54 +0000 (17:07 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 23 Apr 2024 16:16:45 +0000 (18:16 +0200)
Sometimes Windows sends 3 presentation contexts (NDR32, NDR64,
BindTimeFeatureNegotiation) in the first BIND of an association.

Binding an additional connection to the association seems to
reuse the BIND buffer and just changes the num_contexts field from
3 to 2 and leaves the BindTimeFeatureNegotiation context as padding
in places.

Note that the auth_pad_length field is sent as 0 in that case,
which means we need to ignore it completely, as well as any
padding before the auth header.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
librpc/rpc/dcerpc_util.c

index 1dea132a3b6913bc07f7ea24dbdf0d30fe6b11aa..186c52b2a75879237440bf632d07b5bbe2b8538d 100644 (file)
@@ -358,10 +358,9 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
         *
         * See also bug #11982.
         */
-       if (auth_data_only && data_and_pad == 0 &&
-           auth->auth_pad_length > 0) {
+       if (auth_data_only) {
                /*
-                * we need to ignore invalid auth_pad_length
+                * We need to ignore auth_pad_length
                 * values for BIND_*, ALTER_* and AUTH3 pdus.
                 */
                auth->auth_pad_length = 0;
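Review bot: The rewritten comment on the `if (auth_data_only)` branch says auth_pad_length is ignored but no longer says why, while the lines just above still cite bug #11982 for the older case; a maintainer who meets an unconditional `auth->auth_pad_length = 0` is likely to "fix" it back into a range check. I would record the trigger in the comment, e.g. `/* Ignore auth_pad_length for BIND_*, ALTER_* and AUTH3 pdus: Windows reuses its BIND buffer, leaves stale presentation contexts as padding and still sends auth_pad_length = 0 (bug #14356). */`. It is also worth noting in that comment that the padding bytes ahead of the auth trailer on these PDUs are no longer cross-checked against the header field, so the length check that follows this hunk presumably becomes the only bound on auth_length and must stay. dcerpc_pull_auth_trailer() begins before this hunk and continues past it.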
@@ -381,34 +380,6 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
                return NT_STATUS_RPC_PROTOCOL_ERROR;
        }
 
-       if (auth_data_only && data_and_pad > auth->auth_pad_length) {
-               DBG_WARNING(__location__ ": ERROR: auth_data_only pad length mismatch. "
-                           "Client sent a longer BIND packet than expected by %"PRIu16" bytes "
-                           "(pkt_trailer->length=%zu - auth_length=%"PRIu16") "
-                           "= %"PRIu16" auth_pad_length=%"PRIu8"\n",
-                           data_and_pad - auth->auth_pad_length,
-                           pkt_trailer->length,
-                           auth_length,
-                           data_and_pad,
-                           auth->auth_pad_length);
-               talloc_free(ndr);
-               ZERO_STRUCTP(auth);
-               return NT_STATUS_RPC_PROTOCOL_ERROR;
-       }
-
-       if (auth_data_only && data_and_pad != auth->auth_pad_length) {
-               DBG_WARNING(__location__ ": ERROR: auth_data_only pad length mismatch. "
-                           "Calculated %"PRIu16" (pkt_trailer->length=%zu - auth_length=%"PRIu16") "
-                           "but auth_pad_length=%"PRIu8"\n",
-                           data_and_pad,
-                           pkt_trailer->length,
-                           auth_length,
-                           auth->auth_pad_length);
-               talloc_free(ndr);
-               ZERO_STRUCTP(auth);
-               return NT_STATUS_RPC_PROTOCOL_ERROR;
-       }
-
        DBG_DEBUG("auth_pad_length %"PRIu8"\n",
                  auth->auth_pad_length);