CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2016-02-27 04:15:38 +0100
committer: Stefan Metzmacher <metze@samba.org> 2016-04-12 19:25:26 +0200
commit: 57f0b0c6c085bfac4b25b3711dfa671152e180c4 (patch)
tree: b69328ff79bff98998b77bee6edb1ae3a0ccd71c /source4/libcli
parent: 57212343283b2b43c67ee05db2fb2d8d527054bf (diff)
download: samba-57f0b0c6c085bfac4b25b3711dfa671152e180c4.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/libcli/raw/rawnegotiate.c b/source4/libcli/raw/rawnegotiate.c
index 9b0ed38cf0c..32e8a9195b2 100644
--- a/source4/libcli/raw/rawnegotiate.c
+++ b/source4/libcli/raw/rawnegotiate.c
@@ -51,6 +51,10 @@ struct tevent_req *smb_raw_negotiate_send(TALLOC_CTX *mem_ctx,
 	}
 	state->transport = transport;
 
+	if (maxprotocol > PROTOCOL_NT1) {
+		maxprotocol = PROTOCOL_NT1;
+	}
+
 	subreq = smbXcli_negprot_send(state, ev,
 				      transport->conn,
 				      timeout_msec,
author	Stefan Metzmacher <metze@samba.org>	2016-02-27 04:15:38 +0100
committer	Stefan Metzmacher <metze@samba.org>	2016-04-12 19:25:26 +0200
commit	57f0b0c6c085bfac4b25b3711dfa671152e180c4 (patch)
tree	b69328ff79bff98998b77bee6edb1ae3a0ccd71c /source4/libcli
parent	57212343283b2b43c67ee05db2fb2d8d527054bf (diff)
download	samba-57f0b0c6c085bfac4b25b3711dfa671152e180c4.tar.gz