diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-07-09 07:59:24 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-04-12 19:25:31 +0200 |
commit | 8a6240872c405169176ad7314da9594afb4f8fa1 (patch) | |
tree | 0385294363f45399eea72689232678b333a49600 /source3/librpc | |
parent | 642fe0aa16b6485a9ec83f2eef917272fa2d0997 (diff) | |
download | samba-8a6240872c405169176ad7314da9594afb4f8fa1.tar.gz |
CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/librpc')
-rw-r--r-- | source3/librpc/rpc/dcerpc_helpers.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index bb1da467ccc..054647c3f58 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -548,6 +548,14 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, return status; } + if (auth_info.auth_type != auth->auth_type) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (auth_info.auth_level != auth->auth_level) { + return NT_STATUS_INVALID_PARAMETER; + } + pkt_trailer->length -= auth_length; data = data_blob_const(raw_pkt->data + header_size, pkt_trailer->length); |