author | Stefan Metzmacher <metze@samba.org> | 2020-11-17 17:43:06 +0100 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2021-11-08 10:52:13 +0100 |
commit | 1f66e3f97e1b6f63aedbf5d7247ae43045eb9f11 (patch) | |
tree | d5ab5d0aebb753afcf52a2b72935eb4dfdac7cfb | |
parent | adcd0d76132a25ead71510f94b2ac5a5fe80cb75 (diff) | |
CVE-2021-23192: python/tests/dcerpc: fix do_single_request(send_req=False)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
-rw-r--r-- | python/samba/tests/dcerpc/raw_testcase.py | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py index a27da30fda1..7cffccbf1d0 100644 --- a/python/samba/tests/dcerpc/raw_testcase.py +++ b/python/samba/tests/dcerpc/raw_testcase.py @@ -523,26 +523,25 @@ class RawDCERPCTest(TestCase): if hexdump: sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in))) - pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST - pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST - if object is not None: - pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID - - req = self.generate_request_auth(call_id=call_id, - context_id=ctx.context_id, - pfc_flags=pfc_flags, - object=object, - opnum=io.opnum(), - stub=stub_in, - auth_context=auth_context) - if send_req: + pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST + if object is not None: + pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID + + req = self.generate_request_auth(call_id=call_id, + context_id=ctx.context_id, + pfc_flags=pfc_flags, + object=object, + opnum=io.opnum(), + stub=stub_in, + auth_context=auth_context) self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) if recv_rep: (rep, rep_blob) = self.recv_pdu_raw(timeout=timeout, ndr_print=ndr_print, hexdump=hexdump) if fault_status: - self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id, + self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, call_id, pfc_flags=fault_pfc_flags, auth_length=0) self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, fault_context_id) 
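Review bot: `req` is now bound only inside `if send_req:`, so any later read of it on the send_req=False path would raise UnboundLocalError rather than fail an assertion. The one remaining read, `req.auth_length` in the next hunk, is guarded, but nothing here makes that dependency visible. Setting `req = None` just before `if send_req:` would make the two paths explicit. A comment such as `# send_req=False: presumably the caller already sent the request; the reply is checked against call_id and ctx.context_id` would record why the expected header fields now come from the arguments. The enclosing method starts and ends outside the hunk, so the defaults of `call_id` and `send_req` cannot be checked from here.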
@@ -556,12 +555,16 @@ class RawDCERPCTest(TestCase): expected_auth_length = 0 if auth_context is not None and \ auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: - expected_auth_length = req.auth_length + if send_req: + expected_auth_length = req.auth_length + else: + expected_auth_length = rep.auth_length + - self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id, + self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, call_id, auth_length=expected_auth_length) self.assertNotEqual(rep.u.alloc_hint, 0) - self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) + self.assertEqual(rep.u.context_id, ctx.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) stub_out = self.check_response_auth(rep, rep_blob, auth_context) |
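Review bot: In the new `else:` branch, `expected_auth_length = rep.auth_length` feeds the reply's own value into `verify_pdu(..., auth_length=expected_auth_length)`. As far as this hunk shows, the auth_length check on the send_req=False path therefore compares the field with itself and can never fail. For a test helper that belongs to a CVE fix this should be stated in the code, e.g. `# no local req on this path: auth_length comes from the reply, so verify_pdu() cannot catch a wrong trailer length here`. A stricter option is to also require a trailer at this auth level with `self.assertGreater(rep.auth_length, 0)`. Whether `check_response_auth()` already covers this is not visible from the hunk.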