diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-06-26 08:10:46 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-04-12 19:25:30 +0200 |
commit | 7bde997594688baae00e5ef49a1b9b86d89edf4d (patch) | |
tree | 334e5264f78de1f8f79d7ca771ccf4aa8db8ab3b | |
parent | 254048f9a5873c9e1fd6367ffb8d104d2dcfbaf2 (diff) | |
download | samba-7bde997594688baae00e5ef49a1b9b86d89edf4d.tar.gz |
CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
This matches Windows 2012R2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
-rw-r--r-- | source4/rpc_server/dcerpc_server.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 1393aa74fa4..8a0df18fe3e 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -462,6 +462,7 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason) struct dcerpc_bind_nak_version version; struct data_blob_list_item *rep; NTSTATUS status; + static const uint8_t _pad[3] = { 0, }; /* setup a bind_nak */ dcesrv_init_hdr(&pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx)); @@ -474,7 +475,7 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason) version.rpc_vers_minor = 0; pkt.u.bind_nak.num_versions = 1; pkt.u.bind_nak.versions = &version; - pkt.u.bind_nak._pad = data_blob_null; + pkt.u.bind_nak._pad = data_blob_const(_pad, sizeof(_pad)); rep = talloc_zero(call, struct data_blob_list_item); if (!rep) { |