r4161: two more fixes for NT4 clients. Bugs found by kukks.

 - nt4 doesn't setup the pfc flags correctly for rpc packet types
   other than normal requests, so don't check for fragmented packets
   unless they are of type request

 - ensure we give STATUS_BUFFER_OVERFLOW when we return a partial
   fragment in SMBtrans requests on ncacn_np
(This used to be commit 83ebffec3215c58c5cebf1a7c9a58904854203c8)

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 3afe5f1dc5449c6ac22c36f5b5acebf6f73ce608..6e608fd30b0c5ff0ff65c110d8e03039e03e6a86 100644 (file)
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -849,7 +849,8 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn)
        dce_partial_advance(dce_conn, blob.length);
 
        /* see if this is a continued packet */
-       if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) {
+       if (call->pkt.ptype == DCERPC_PKT_REQUEST &&
+           !(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) {
                struct dcesrv_call_state *call2 = call;
                uint32_t alloc_size;
 
@@ -895,7 +896,8 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn)
 
        /* this may not be the last pdu in the chain - if its isn't then
           just put it on the call_list and wait for the rest */
-       if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST)) {
+       if (call->pkt.ptype == DCERPC_PKT_REQUEST &&
+           !(call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST)) {
                DLIST_ADD_END(dce_conn->call_list, call, struct dcesrv_call_state *);
                return NT_STATUS_OK;
        }
@@ -998,6 +1000,8 @@ NTSTATUS dcesrv_output(struct dcesrv_connection *dce_conn,
        if (rep->data.length == 0) {
                /* we're done with this section of the call */
                DLIST_REMOVE(call->replies, rep);
+       } else {
+               return STATUS_BUFFER_OVERFLOW;
        }
 
        if (call->replies == NULL) {