CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY

ncacn_ip_tcp:server should get the same protection as ncacn_np:server if authentication and smb signing is used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 Signed-off-by: Stefan Metzmacher <metze@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2015-12-15 14:49:36 +0100
committer: Stefan Metzmacher <metze@samba.org> 2016-04-12 19:25:27 +0200
commit: d1c2ad4e16096c00259f45e59e1258a67ef8ef03 (patch)
tree: ff3144a0053ccb6d6ffdeea7a802ae2bf324e580 /librpc/rpc
parent: 6a47994cdb2ad414381063c482bd6056419ee48c (diff)
download: samba-d1c2ad4e16096c00259f45e59e1258a67ef8ef03.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c
index d0acd6e78bb..b9ccecd7776 100644
--- a/librpc/rpc/binding.c
+++ b/librpc/rpc/binding.c
@@ -591,7 +591,7 @@ _PUBLIC_ void dcerpc_binding_get_auth_info(const struct dcerpc_binding *b,
 	} else if (b->flags & DCERPC_CONNECT) {
 		auth_level = DCERPC_AUTH_LEVEL_CONNECT;
 	} else if (auth_type != DCERPC_AUTH_TYPE_NONE) {
-		auth_level = DCERPC_AUTH_LEVEL_CONNECT;
+		auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
 	} else {
 		auth_level = DCERPC_AUTH_LEVEL_NONE;
 	}
author	Stefan Metzmacher <metze@samba.org>	2015-12-15 14:49:36 +0100
committer	Stefan Metzmacher <metze@samba.org>	2016-04-12 19:25:27 +0200
commit	d1c2ad4e16096c00259f45e59e1258a67ef8ef03 (patch)
tree	ff3144a0053ccb6d6ffdeea7a802ae2bf324e580 /librpc/rpc
parent	6a47994cdb2ad414381063c482bd6056419ee48c (diff)
download	samba-d1c2ad4e16096c00259f45e59e1258a67ef8ef03.tar.gz