CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2015-07-07 22:51:18 +0200
committer: Stefan Metzmacher <metze@samba.org> 2016-03-30 04:10:16 +0200
commit: 93a0f92b8ebecb38f92d3b2c9a946b486ee91d3c (patch)
tree: 774881155a29db0f7fc2588fed9e48c6d7924b8d
parent: 0cf3151c843e2c779b534743b455e630d89e2ba9 (diff)
download: samba-93a0f92b8ebecb38f92d3b2c9a946b486ee91d3c.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 835aec5faec..b0e92f42525 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1921,6 +1921,14 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
 			return;
 		}
 
+		if (auth.auth_context_id != pauth->auth_context_id) {
+			DEBUG(0, (__location__ " Auth context id %u mismatch expected %u.\n",
+				  (unsigned)auth.auth_context_id,
+				  (unsigned)pauth->auth_context_id));
+			tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR);
+			return;
+		}
+
 		break;
 	}
author	Stefan Metzmacher <metze@samba.org>	2015-07-07 22:51:18 +0200
committer	Stefan Metzmacher <metze@samba.org>	2016-03-30 04:10:16 +0200
commit	93a0f92b8ebecb38f92d3b2c9a946b486ee91d3c (patch)
tree	774881155a29db0f7fc2588fed9e48c6d7924b8d
parent	0cf3151c843e2c779b534743b455e630d89e2ba9 (diff)
download	samba-93a0f92b8ebecb38f92d3b2c9a946b486ee91d3c.tar.gz