s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes()
authorStefan Metzmacher <metze@samba.org>
Fri, 19 Jun 2015 13:52:11 +0000 (15:52 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 23 Jun 2015 12:38:53 +0000 (14:38 +0200)
The padding needs to be relative to the payload start, not to the pdu start.
We also need to align the padding to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/librpc/rpc/dcerpc.h
source3/librpc/rpc/dcerpc_helpers.c
source3/rpc_client/cli_pipe.c
source3/rpc_server/srv_pipe.c

index 42429a1662a78fcd1ffc2e8ba55eefb49cc8b545..e7d66b7252b5754477e075a6615f6503ca40f030 100644 (file)
@@ -75,7 +75,7 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
                                 bool bigendian);
 NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
                            size_t header_len, size_t data_left,
-                           size_t max_xmit_frag, size_t pad_alignment,
+                           size_t max_xmit_frag,
                            size_t *data_to_send, size_t *frag_len,
                            size_t *auth_len, size_t *pad_len);
 NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
index 5f2b94cadfe173af75ab857f9d2d0d93e01fb05c..1193baa798398e0c4f031882fd7cfc2b635b07ba 100644 (file)
@@ -225,7 +225,6 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
 * @param header_len    The length of the packet header
 * @param data_left     The data left in the send buffer
 * @param max_xmit_frag The max fragment size.
-* @param pad_alignment The NDR padding size.
 * @param data_to_send  [out] The max data we will send in the pdu
 * @param frag_len      [out] The total length of the fragment
 * @param auth_len      [out] The length of the auth trailer
@@ -235,7 +234,7 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
 */
 NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
                            size_t header_len, size_t data_left,
-                           size_t max_xmit_frag, size_t pad_alignment,
+                           size_t max_xmit_frag,
                            size_t *data_to_send, size_t *frag_len,
                            size_t *auth_len, size_t *pad_len)
 {
@@ -277,26 +276,23 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
        case DCERPC_AUTH_TYPE_KRB5:
        case DCERPC_AUTH_TYPE_SCHANNEL:
                gensec_security = auth->auth_ctx;
-               *auth_len = gensec_sig_size(gensec_security, max_len);
+               mod_len = (max_len % DCERPC_AUTH_PAD_ALIGNMENT);
+               *auth_len = gensec_sig_size(gensec_security, max_len - mod_len);
+               if (*auth_len == 0) {
+                       return NT_STATUS_INTERNAL_ERROR;
+               }
                break;
        default:
                return NT_STATUS_INVALID_PARAMETER;
        }
 
        max_len -= *auth_len;
+       mod_len = (max_len % DCERPC_AUTH_PAD_ALIGNMENT);
+       max_len -= mod_len;
 
        *data_to_send = MIN(max_len, data_left);
 
-       mod_len = (header_len + *data_to_send) % pad_alignment;
-       if (mod_len) {
-               *pad_len = pad_alignment - mod_len;
-       } else {
-               *pad_len = 0;
-       }
-
-       if (*data_to_send + *pad_len > max_len) {
-               *data_to_send -= pad_alignment;
-       }
+       *pad_len = DCERPC_AUTH_PAD_LENGTH(*data_to_send);
 
        *frag_len = header_len + *data_to_send + *pad_len
                        + DCERPC_AUTH_TRAILER_LENGTH + *auth_len;
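Review bot: Nothing here checks that `*auth_len` fits in the remaining budget before `max_len -= *auth_len;`, and the new `*auth_len == 0` test only catches the failure return of gensec_sig_size(). If `max_len` is a `size_t` (its declaration and initial value are above the hunk), a signature size larger than `max_len` wraps the subtraction, `*data_to_send` is then limited only by `data_left`, and `*frag_len` can exceed `max_xmit_frag`. A guard before the subtraction, for example `if (*auth_len >= max_len) { return NT_STATUS_INTERNAL_ERROR; }`, would keep the computed fragment within the negotiated size. It is also worth confirming how the callers behave when the alignment step leaves `max_len` at 0 and `*data_to_send` comes back as 0, since that handling is not visible in this hunk.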
index d0fb774358629b6cc5822bc50e2ce2557e73a3ab..f642d3035c740e9eb5555b9dd41488fd75c5f7fd 100644 (file)
@@ -1398,7 +1398,6 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
        status = dcerpc_guess_sizes(state->cli->auth,
                                    DCERPC_REQUEST_LENGTH, total_left,
                                    state->cli->max_xmit_frag,
-                                   CLIENT_NDR_PADDING_SIZE,
                                    &total_thistime,
                                    &frag_len, &auth_len, &pad_len);
        if (!NT_STATUS_IS_OK(status)) {
index 63323f85961e2377c02abd88431801e09e8a2351..77592a44ec27eec8a57c44a568dbf0d5ee88b39f 100644 (file)
@@ -143,7 +143,6 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx,
                                    DCERPC_RESPONSE_LENGTH,
                                    data_left,
                                    RPC_MAX_PDU_FRAG_LEN,
-                                   SERVER_NDR_PADDING_SIZE,
                                    &data_to_send, &frag_len,
                                    &auth_len, &pad_len);
        if (!NT_STATUS_IS_OK(status)) {