From: Andrew Tridgell Date: Sun, 12 Dec 2004 08:35:11 +0000 (+0000) Subject: r4161: two more fixes for NT4 clients. Bugs found by kukks. X-Git-Tag: samba-4.0.0alpha6~801^3~12339 X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=1960714669d03ce6c2f1fda34e9798cda555c962 r4161: two more fixes for NT4 clients. Bugs found by kukks. - nt4 doesn't setup the pfc flags correctly for rpc packet types other than normal requests, so don't check for fragmented packets unless they are of type request - ensure we give STATUS_BUFFER_OVERFLOW when we return a partial fragment in SMBtrans requests on ncacn_np (This used to be commit 83ebffec3215c58c5cebf1a7c9a58904854203c8)
---
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 3afe5f1dc54..6e608fd30b0 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -849,7 +849,8 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn)
 dce_partial_advance(dce_conn, blob.length);
 /* see if this is a continued packet */
- if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) {
+ if (call->pkt.ptype == DCERPC_PKT_REQUEST &&
+ !(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) {
 struct dcesrv_call_state *call2 = call;
 uint32_t alloc_size;
@@ -895,7 +896,8 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn)
 /* this may not be the last pdu in the chain - if its isn't then just put it on the call_list and wait for the rest */
- if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST)) {
+ if (call->pkt.ptype == DCERPC_PKT_REQUEST &&
+ !(call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST)) {
 DLIST_ADD_END(dce_conn->call_list, call, struct dcesrv_call_state *);
 return NT_STATUS_OK;
 }
@@ -998,6 +1000,8 @@ NTSTATUS dcesrv_output(struct dcesrv_connection *dce_conn,
 if (rep->data.length == 0) {
 /* we're done with this section of the call */
 DLIST_REMOVE(call->replies, rep);
+ } else {
+ return STATUS_BUFFER_OVERFLOW;
 }
 if (call->replies == NULL) {
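Review bot: With the new `call->pkt.ptype == DCERPC_PKT_REQUEST &&` guard on the FIRST-flag test, `pfc_flags` on every other PDU type are no longer examined, so a non-request PDU that really is fragmented is now handled as if it were complete; the LAST-flag test in the hunk at -895 has the same gap. Both the packet type and the flags come from the client, so it is worth stating whether a fragmented non-request PDU should be rejected rather than passed on. That decision is not visible here because dcesrv_input_process starts and ends outside the hunk. The reason for the guard is recorded only in the commit message, so I would put it beside the condition, e.g. `/* NT4 sets pfc_flags incorrectly on non-request PDUs, so only requests are treated as fragmentable */`.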
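Review bot: The added `return STATUS_BUFFER_OVERFLOW;` in the `else` branch changes what dcesrv_output returns to every caller whenever a reply fragment is only partly consumed, not just to the SMBtrans path on ncacn_np that the commit message names. A caller that tests `NT_STATUS_IS_OK()` will not see this value as success, so any other transport using this function presumably has to treat it as "more data pending" rather than tear the connection down; those callers are not visible in this hunk. I would document it at the return, e.g. `/* partial fragment written: more reply data is pending, this is not a failure */`, and repeat it in the function's header comment. The body of dcesrv_output starts and ends outside the hunk.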