authorAndrew Bartlett <abartlet@samba.org>2020-04-24 11:04:00 +1200
committerAndrew Bartlett <abartlet@samba.org>2020-04-29 06:29:31 +0000
commitae5cb7346bf6f7759c88d7df6a5c1bd7965ee284 (patch)
tree78212ce9e2a61e6a235ec2d4949bc6caa1d5d68e /librpc
parentc7a4578d06427a82ead287f0c5248c1a54cc9336 (diff)
downloadsamba-ae5cb7346bf6f7759c88d7df6a5c1bd7965ee284.tar.gz
librpc: Provide clearer debug messages for malformed DCE/RPC bind
REF: https://lists.samba.org/archive/samba/2020-April/229334.html BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Diffstat (limited to 'librpc')
-rw-r--r--librpc/rpc/dcerpc_util.c37
1 files changed, 29 insertions, 8 deletions
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index f7596cb1ac1..cf6cb942b1c 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -357,20 +357,41 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
}
if (data_and_pad < auth->auth_pad_length) {
- DEBUG(1, (__location__ ": ERROR: pad length mismatch. "
- "Calculated %u got %u\n",
- (unsigned)data_and_pad,
- (unsigned)auth->auth_pad_length));
+ DBG_WARNING(__location__ ": ERROR: pad length too long. "
+ "Calculated %u (pkt_trailer->length=%u - auth_length=%u) "
+ "was less than auth_pad_length=%u\n",
+ (unsigned)data_and_pad,
+ (unsigned)pkt_trailer->length,
+ (unsigned)auth_length,
+ (unsigned)auth->auth_pad_length);
+ talloc_free(ndr);
+ ZERO_STRUCTP(auth);
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+
+ if (auth_data_only && data_and_pad > auth->auth_pad_length) {
+ DBG_WARNING(__location__ ": ERROR: auth_data_only pad length mismatch. "
+ "Client sent a longer BIND packet than expected by %u bytes "
+ "(pkt_trailer->length=%u - auth_length=%u) "
+ "= %u auth_pad_length=%u\n",
+ (unsigned)data_and_pad - (unsigned)auth->auth_pad_length,
+ (unsigned)pkt_trailer->length,
+ (unsigned)auth_length,
+ (unsigned)data_and_pad,
+ (unsigned)auth->auth_pad_length);
talloc_free(ndr);
ZERO_STRUCTP(auth);
return NT_STATUS_RPC_PROTOCOL_ERROR;
}
if (auth_data_only && data_and_pad != auth->auth_pad_length) {
- DEBUG(1, (__location__ ": ERROR: pad length mismatch. "
- "Calculated %u got %u\n",
- (unsigned)data_and_pad,
- (unsigned)auth->auth_pad_length));
+ DBG_WARNING(__location__ ": ERROR: auth_data_only pad length mismatch. "
+ "Calculated %u (pkt_trailer->length=%u - auth_length=%u) "
+ "but auth_pad_length=%u\n",
+ (unsigned)data_and_pad,
+ (unsigned)pkt_trailer->length,
+ (unsigned)auth_length,
+ (unsigned)auth->auth_pad_length);
talloc_free(ndr);
ZERO_STRUCTP(auth);
return NT_STATUS_RPC_PROTOCOL_ERROR;
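Review bot: The last branch in this hunk, `if (auth_data_only && data_and_pad != auth->auth_pad_length)`, becomes unreachable once the new `data_and_pad > auth->auth_pad_length` branch is added above it. The `<` case returns unconditionally and the `>` case now returns whenever auth_data_only is set, so `!=` can never hold at that point. Its rewritten DBG_WARNING text will therefore never be logged; either remove the branch or mark it, e.g. `/* not reached: the < and > cases returned above; kept as a defensive check */`. All three messages print lengths taken from the peer's packet on what appears to be the bind path, so a short comment noting that a remote client can trigger these warnings would help whoever tunes log levels. dcerpc_pull_auth_trailer starts and ends outside the hunk.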