diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-07-09 07:59:24 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-03-30 04:39:46 +0200 |
commit | 569781f85853f2fdb8efcbe30048baaaeb23e1f8 (patch) | |
tree | f06230ccaec07f0b40d93154661c3af2c1001296 /source3/librpc | |
parent | dd2c27082e620407c6effdaae5b84d94eea68918 (diff) | |
download | samba-569781f85853f2fdb8efcbe30048baaaeb23e1f8.tar.gz |
CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/librpc')
-rw-r--r-- | source3/librpc/rpc/dcerpc_helpers.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index bb1da467ccc..054647c3f58 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -548,6 +548,14 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, return status; } + if (auth_info.auth_type != auth->auth_type) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (auth_info.auth_level != auth->auth_level) { + return NT_STATUS_INVALID_PARAMETER; + } + pkt_trailer->length -= auth_length; data = data_blob_const(raw_pkt->data + header_size, pkt_trailer->length); |