} request;
bool verify_bitmask1;
bool verify_pcontext;
+ bool got_first;
struct dcerpc_do_request_out_frag *out_frag;
struct {
DATA_BLOB blob;
}
if (state->call != NULL) {
+ if (state->call == state->conn->calls.active) {
+ state->conn->calls.active = NULL;
+ }
ZERO_STRUCT(state->call->incoming);
DLIST_REMOVE(state->conn->calls.list, state->call);
state->call = NULL;
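Review bot: The new `calls.active` reset at the top of the `if (state->call != NULL)` block has no comment saying why it belongs there, and the invariant it protects is easy to break in a later change. I would add above it `/* calls.active must never outlive the call: clear it before the call is unlinked from calls.list */`. The enclosing function starts outside the hunk, so it cannot be checked from these lines whether every other path that removes a call from `calls.list` performs the same reset; if one does not, `calls.active` would be left pointing at a call that is no longer tracked. The only other writer visible on this page is the `state->conn->calls.active = state->call` assignment on the first response fragment, which stores the pointer without looking at the previous value, so it is worth confirming that only one call can be receiving at a time.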
return error;
}
- if (state->verify_bitmask1) {
- state->call->sec->verified_bitmask1 = true;
+ if (!state->got_first) {
+ state->got_first = true;
+
+ if (!(pkt->pfc_flags & DCERPC_PFC_FLAG_FIRST)) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+
+ state->conn->calls.active = state->call;
+
+ if (pkt->drep[0] & DCERPC_DREP_LE) {
+ state->response.bigendian = false;
+ } else {
+ state->response.bigendian = true;
+ }
+
+ if (state->verify_bitmask1) {
+ state->call->sec->verified_bitmask1 = true;
+ }
+
+ if (state->verify_pcontext) {
+ state->call->pres->verified_pcontext = true;
+ }
+ } else {
+ if (pkt->pfc_flags & DCERPC_PFC_FLAG_FIRST) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+ }
+
+ if (state->response.bigendian) {
+ if (pkt->drep[0] != 0) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+ } else {
+ if (pkt->drep[0] != DCERPC_DREP_LE) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+ }
+ if (pkt->drep[1] != 0) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+ if (pkt->drep[2] != 0) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+ if (pkt->drep[3] != 0) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
}
- if (state->verify_pcontext) {
- state->call->pres->verified_pcontext = true;
+ if (pkt->u.response.context_id != state->call->pres->context_id) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
}
if (frag.length < DCERPC_RESPONSE_LENGTH + pad_len) {
payload.length = frag.length - DCERPC_RESPONSE_LENGTH;
}
- if (pkt->pfc_flags & DCERPC_PFC_FLAG_LAST) {
- if (pkt->drep[0] & DCERPC_DREP_LE) {
- state->response.bigendian = false;
- } else {
- state->response.bigendian = true;
- }
- }
-
DEBUG(10, ("Got pdu len %lu, data_len %lu, ss_len %u\n",
(long unsigned int)frag.length,
(long unsigned int)payload.length,