authorStefan Metzmacher <metze@samba.org>2015-06-26 08:10:46 +0200
committerStefan Metzmacher <metze@samba.org>2016-04-12 19:25:30 +0200
commit7bde997594688baae00e5ef49a1b9b86d89edf4d (patch)
tree334e5264f78de1f8f79d7ca771ccf4aa8db8ab3b
parent254048f9a5873c9e1fd6367ffb8d104d2dcfbaf2 (diff)
downloadsamba-7bde997594688baae00e5ef49a1b9b86d89edf4d.tar.gz
CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
This matches Windows 2012R2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
-rw-r--r--source4/rpc_server/dcerpc_server.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 1393aa74fa4..8a0df18fe3e 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -462,6 +462,7 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason)
struct dcerpc_bind_nak_version version;
struct data_blob_list_item *rep;
NTSTATUS status;
+ static const uint8_t _pad[3] = { 0, };
/* setup a bind_nak */
dcesrv_init_hdr(&pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx));
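Review bot: The length 3 in `static const uint8_t _pad[3] = { 0, };` is not explained in the code; only the commit message says the padding matches Windows 2012R2. A comment on the declaration would keep the wire-format reason next to the constant, e.g. `/* 3 zero bytes of trailing bind_nak padding, as sent by Windows 2012R2 */`. The second hunk wraps the array with `data_blob_const(_pad, sizeof(_pad))`, so the blob points at read-only static storage. The same comment should say the blob must not be written to or freed, assuming nothing later in the function does so. The body of dcesrv_bind_nak starts before and continues after these hunks, so the code that serialises the packet is not visible here.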
@@ -474,7 +475,7 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason)
version.rpc_vers_minor = 0;
pkt.u.bind_nak.num_versions = 1;
pkt.u.bind_nak.versions = &version;
- pkt.u.bind_nak._pad = data_blob_null;
+ pkt.u.bind_nak._pad = data_blob_const(_pad, sizeof(_pad));
rep = talloc_zero(call, struct data_blob_list_item);
if (!rep) {