| commit | df0eba99806a39a9caa1edb4841a3e03d50c76a9 | |
| author | Jeremy Allison <jra@samba.org> | |
| Thu, 26 May 2011 23:48:42 +0000 (26 16:48 -0700) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Tue, 7 Jun 2011 18:01:40 +0000 (7 20:01 +0200) | ||
| tree | 042a1c36c1c0478efc6386c7e5bc8af683c42a99 | treesnapshot (tar.gz zip) |
| parent | 482b3dc72b303a59e82ad8078f12d364adbfc349 | commitdiff |
Fix bug #6911 - Kerberos authentication from vista to samba fails when security blob size is greater than 16 kB
We were not correctly checking the output of asn1_start_tag().
asn1_start_tag() returns -1 and sets data->has_error if the
remaining blob size is too short to contain the tag length.
We were checking data->has_error and returning NT_STATUS_OK
(to allow the second asn.1 parse to fail in that case). We
should not be checking data->has_error in this case, but
falling through to the code that already checks the length.
Thanks to Jim for reproducing this for me. We don't get bitten
by this as we announce a max buffer size of 16k, greater than
Windows's 4k, which means that most krb5 spnego packets already
fit.
Jeremy.
(cherry picked from commit 2e490ae208d31c4112b851eeaf346837f637fcd3)
We were not correctly checking the output of asn1_start_tag().
asn1_start_tag() returns -1 and sets data->has_error if the
remaining blob size is too short to contain the tag length.
We were checking data->has_error and returning NT_STATUS_OK
(to allow the second asn.1 parse to fail in that case). We
should not be checking data->has_error in this case, but
falling through to the code that already checks the length.
Thanks to Jim for reproducing this for me. We don't get bitten
by this as we announce a max buffer size of 16k, greater than
Windows's 4k, which means that most krb5 spnego packets already
fit.
Jeremy.
(cherry picked from commit 2e490ae208d31c4112b851eeaf346837f637fcd3)
| source3/smbd/sesssetup.c | diffblobblamehistory |