diff options
author | Volker Lendecke <vl@samba.org> | 2021-04-02 12:20:38 +0200 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2021-11-08 10:52:13 +0100 |
commit | 83a9fb52f3e32422b4b2ab6327ad06c35c71ae1a (patch) | |
tree | 6ac67de93af1fbd6b07e07b3d35f7e9965f92152 | |
parent | 3ed16e74292058d059ae951317ca8d3b7f1f5d0e (diff) | |
download | samba-83a9fb52f3e32422b4b2ab6327ad06c35c71ae1a.tar.gz |
CVE-2021-23192 rpc: Give dcerpc_util.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
(cherry picked from commit 8945d99758d8bedd374f1c51304b87a6cf10498c)
-rw-r--r-- | librpc/rpc/dcerpc_util.c | 1 | ||||
-rw-r--r-- | librpc/rpc/dcerpc_util.h | 103 | ||||
-rw-r--r-- | librpc/rpc/dcesrv_auth.c | 1 | ||||
-rw-r--r-- | librpc/rpc/dcesrv_core.c | 1 | ||||
-rw-r--r-- | librpc/rpc/dcesrv_reply.c | 1 | ||||
-rw-r--r-- | librpc/rpc/rpc_common.h | 74 | ||||
-rw-r--r-- | source3/librpc/rpc/dcerpc_helpers.c | 1 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 1 | ||||
-rw-r--r-- | source3/rpc_client/rpc_transport_np.c | 1 | ||||
-rw-r--r-- | source3/rpc_server/rpc_ncacn_np.c | 1 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.c | 1 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_roh_channel_out.c | 1 |
12 files changed, 113 insertions, 74 deletions
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c index 3d622b2be49..6a160e12023 100644 --- a/librpc/rpc/dcerpc_util.c +++ b/librpc/rpc/dcerpc_util.c @@ -25,6 +25,7 @@ #include "lib/tsocket/tsocket.h" #include "lib/util/tevent_ntstatus.h" #include "librpc/rpc/dcerpc.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "rpc_common.h" #include "lib/util/bitmap.h" diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h new file mode 100644 index 00000000000..0ecaf428c3c --- /dev/null +++ b/librpc/rpc/dcerpc_util.h @@ -0,0 +1,103 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Stefan Metzmacher 2010-2011 + Copyright (C) Andrew Tridgell 2010-2011 + Copyright (C) Simo Sorce 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef __LIBRPC_RPC_DCERPC_UTIL_H__ +#define __LIBRPC_RPC_DCERPC_UTIL_H__ + +#include "replace.h" +#include <talloc.h> +#include "lib/util/data_blob.h" +#include "librpc/rpc/rpc_common.h" +#include "librpc/gen_ndr/dcerpc.h" + +void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v); +uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob); +void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v); +uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob); +uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob); +uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob); +uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob); +uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob); +const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, + enum dcerpc_transport_t transport, + const struct ndr_interface_table *table); + +NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx, + const DATA_BLOB *blob, + struct ncacn_packet *r); + +/** +* @brief Pull a dcerpc_auth structure, taking account of any auth +* padding in the blob. For request/response packets we pass +* the whole data blob, so auth_data_only must be set to false +* as the blob contains data+pad+auth and no just pad+auth. +* +* @param pkt - The ncacn_packet strcuture +* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements +* @param pkt_trailer - The packet trailer data, usually the trailing +* auth_info blob, but in the request/response case +* this is the stub_and_verifier blob. +* @param auth - A preallocated dcerpc_auth *empty* structure +* @param auth_length - The length of the auth trail, sum of auth header +* lenght and pkt->auth_length +* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob +* (+ padding) or also other data. +* +* @return - A NTSTATUS error code. +*/ +NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *pkt_trailer, + struct dcerpc_auth *auth, + uint32_t *auth_length, + bool auth_data_only); +NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, + enum dcerpc_pkt_type ptype, + size_t max_auth_info, + uint8_t required_flags, + uint8_t optional_flags); +NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + enum dcerpc_pkt_type ptype, + uint8_t required_flags, + uint8_t optional_flags, + uint8_t payload_offset, + DATA_BLOB *payload_and_verifier, + DATA_BLOB *raw_packet, + const struct ncacn_packet *pkt); +NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + DATA_BLOB *raw_packet, + size_t sig_size, + uint8_t payload_offset, + const DATA_BLOB *payload, + const struct ncacn_packet *pkt); +struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct tstream_context *stream); +NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct ncacn_packet **pkt, + DATA_BLOB *buffer); + +#endif diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c index 8ac90f2a2bd..f7919ebf575 100644 --- a/librpc/rpc/dcesrv_auth.c +++ b/librpc/rpc/dcesrv_auth.c @@ -23,6 +23,7 @@ #include "includes.h" #include "librpc/rpc/dcesrv_core.h" #include "librpc/rpc/dcesrv_core_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index 88838121f2f..ad7b02194ec 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -24,6 +24,7 @@ #include "includes.h" #include "librpc/rpc/dcesrv_core.h" #include "librpc/rpc/dcesrv_core_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/auth.h" #include "auth/gensec/gensec.h" #include "lib/util/dlinklist.h" diff --git a/librpc/rpc/dcesrv_reply.c b/librpc/rpc/dcesrv_reply.c index 96bd98f53e1..5b4429956e7 100644 --- a/librpc/rpc/dcesrv_reply.c +++ b/librpc/rpc/dcesrv_reply.c @@ -23,6 +23,7 @@ #include "includes.h" #include "librpc/rpc/dcesrv_core.h" #include "librpc/rpc/dcesrv_core_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "auth/gensec/gensec.h" #include "lib/util/dlinklist.h" #include "param/param.h" diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h index a606a29ed31..785cd985cfb 100644 --- a/librpc/rpc/rpc_common.h +++ b/librpc/rpc/rpc_common.h @@ -163,80 +163,6 @@ const char *derpc_transport_string_by_transport(enum dcerpc_transport_t t); enum dcerpc_transport_t dcerpc_transport_by_name(const char *name); enum dcerpc_transport_t dcerpc_transport_by_tower(const struct epm_tower *tower); -/* The following definitions come from ../librpc/rpc/dcerpc_util.c */ - -void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v); -uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob); -void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v); -uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob); -uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob); -uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob); -uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob); -uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob); -const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, - enum dcerpc_transport_t transport, - const struct ndr_interface_table *table); - -NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx, - const DATA_BLOB *blob, - struct ncacn_packet *r); - -/** -* @brief Pull a dcerpc_auth structure, taking account of any auth -* padding in the blob. For request/response packets we pass -* the whole data blob, so auth_data_only must be set to false -* as the blob contains data+pad+auth and no just pad+auth. -* -* @param pkt - The ncacn_packet strcuture -* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements -* @param pkt_trailer - The packet trailer data, usually the trailing -* auth_info blob, but in the request/response case -* this is the stub_and_verifier blob. -* @param auth - A preallocated dcerpc_auth *empty* structure -* @param auth_length - The length of the auth trail, sum of auth header -* lenght and pkt->auth_length -* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob -* (+ padding) or also other data. -* -* @return - A NTSTATUS error code. -*/ -NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *pkt_trailer, - struct dcerpc_auth *auth, - uint32_t *auth_length, - bool auth_data_only); -NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, - enum dcerpc_pkt_type ptype, - size_t max_auth_info, - uint8_t required_flags, - uint8_t optional_flags); -NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - enum dcerpc_pkt_type ptype, - uint8_t required_flags, - uint8_t optional_flags, - uint8_t payload_offset, - DATA_BLOB *payload_and_verifier, - DATA_BLOB *raw_packet, - const struct ncacn_packet *pkt); -NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - DATA_BLOB *raw_packet, - size_t sig_size, - uint8_t payload_offset, - const DATA_BLOB *payload, - const struct ncacn_packet *pkt); -struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct tstream_context *stream); -NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, - TALLOC_CTX *mem_ctx, - struct ncacn_packet **pkt, - DATA_BLOB *buffer); - /* The following definitions come from ../librpc/rpc/binding_handle.c */ struct dcerpc_binding_handle_ops { diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index 1f67987561c..c609efd5b07 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -20,6 +20,7 @@ #include "includes.h" #include "librpc/rpc/dcerpc.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "librpc/crypto/gse.h" #include "auth/gensec/gensec.h" diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 8227ef0b0bd..408c0063baf 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -30,6 +30,7 @@ #include "librpc/gen_ndr/ndr_dcerpc.h" #include "librpc/gen_ndr/ndr_netlogon_c.h" #include "librpc/rpc/dcerpc.h" +#include "librpc/rpc/dcerpc_util.h" #include "rpc_dce.h" #include "cli_pipe.h" #include "libsmb/libsmb.h" diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c index 9dc5c5634fc..b24023661ff 100644 --- a/source3/rpc_client/rpc_transport_np.c +++ b/source3/rpc_client/rpc_transport_np.c @@ -19,6 +19,7 @@ #include "includes.h" #include "../lib/util/tevent_ntstatus.h" +#include "librpc/rpc/dcerpc_util.h" #include "rpc_client/rpc_transport.h" #include "librpc/ndr/ndr_table.h" #include "libcli/smb/smbXcli_base.h" diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c index 11f8a9b0602..cf50b1b481f 100644 --- a/source3/rpc_server/rpc_ncacn_np.c +++ b/source3/rpc_server/rpc_ncacn_np.c @@ -37,6 +37,7 @@ #include "rpc_server/rpc_config.h" #include "librpc/ndr/ndr_table.h" #include "rpc_server/rpc_server.h" +#include "librpc/rpc/dcerpc_util.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 87a99a8df89..f97263dcc5b 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -26,6 +26,7 @@ #include "lib/events/events.h" #include "librpc/rpc/dcerpc.h" #include "librpc/rpc/dcerpc_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/gensec/gensec.h" diff --git a/source4/librpc/rpc/dcerpc_roh_channel_out.c b/source4/librpc/rpc/dcerpc_roh_channel_out.c index e431689d419..2abafb0bab5 100644 --- a/source4/librpc/rpc/dcerpc_roh_channel_out.c +++ b/source4/librpc/rpc/dcerpc_roh_channel_out.c @@ -37,6 +37,7 @@ #include "librpc/rpc/dcerpc.h" #include "librpc/rpc/dcerpc_roh.h" #include "librpc/rpc/dcerpc_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "libcli/http/http.h" struct roh_request_state { |