author | Stefan Metzmacher <metze@samba.org> | 2020-11-13 11:25:41 +0100 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2021-11-09 19:45:34 +0000 |
commit | c00e5fc2c646ef56a457d3850fb4a6e4d8d45294 (patch) | |
tree | d4d1bc6d2f6fff5fed52724792a03dc21a2a0ae8 | |
parent | 5f4634310196c6b2c8b097ad41f949a0cccf0ec6 (diff) | |
CVE-2021-23192: dcesrv_core: add better debugging to dcesrv_fault_disconnect()
It's better to see the location that triggered the fault.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
-rw-r--r-- | librpc/rpc/dcesrv_core.c | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index 6a2e0c25e7f..289f734ea00 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -719,19 +719,38 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason)
 return NT_STATUS_OK;
 }
-static NTSTATUS dcesrv_fault_disconnect(struct dcesrv_call_state *call,
- uint32_t fault_code)
+static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call,
+ uint32_t fault_code,
+ uint8_t extra_flags,
+ const char *func,
+ const char *location)
 {
+ const char *reason = NULL;
+
+ reason = talloc_asprintf(call, "%s:%s: fault=%u (%s) flags=0x%x",
+ func, location,
+ fault_code,
+ dcerpc_errstr(call, fault_code),
+ extra_flags);
+ if (reason == NULL) {
+ reason = location;
+ }
+
 /*
 * We add the call to the pending_call_list
 * in order to defer the termination.
 */
- dcesrv_call_disconnect_after(call, "dcesrv_fault_disconnect");
- return dcesrv_fault_with_flags(call, fault_code,
- DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
+ dcesrv_call_disconnect_after(call, reason);
+
+ return dcesrv_fault_with_flags(call, fault_code, extra_flags);
 }
+#define dcesrv_fault_disconnect(call, fault_code) \
+ _dcesrv_fault_disconnect_flags(call, fault_code, \
+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \
+ __func__, __location__)
+
 static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c)
 {
 DLIST_REMOVE(c->conn->contexts, c); |
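Review bot: `reason` is allocated with `talloc_asprintf(call, ...)` and then handed to `dcesrv_call_disconnect_after()`, whose body is outside this hunk, so it is not visible here whether that function copies the string or keeps the pointer. If the pointer is kept past the lifetime of `call`, the terminate reason would dangle once the call is freed. A comment above the call would record the contract, e.g. `/* reason is a talloc child of call; the callee must copy it if it outlives call */`. Separately, `fault=%u` and `flags=0x%x` receive a `uint32_t` and a `uint8_t`; passing `(unsigned)fault_code` and `(unsigned)extra_flags` keeps the arguments strictly matched to the format string.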