diff options
author | Stefan Metzmacher <metze@samba.org> | 2016-02-27 04:15:38 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-04-12 19:25:26 +0200 |
commit | 57f0b0c6c085bfac4b25b3711dfa671152e180c4 (patch) | |
tree | b69328ff79bff98998b77bee6edb1ae3a0ccd71c /source4/libcli | |
parent | 57212343283b2b43c67ee05db2fb2d8d527054bf (diff) | |
download | samba-57f0b0c6c085bfac4b25b3711dfa671152e180c4.tar.gz |
CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Diffstat (limited to 'source4/libcli')
-rw-r--r-- | source4/libcli/raw/rawnegotiate.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/libcli/raw/rawnegotiate.c b/source4/libcli/raw/rawnegotiate.c index 9b0ed38cf0c..32e8a9195b2 100644 --- a/source4/libcli/raw/rawnegotiate.c +++ b/source4/libcli/raw/rawnegotiate.c @@ -51,6 +51,10 @@ struct tevent_req *smb_raw_negotiate_send(TALLOC_CTX *mem_ctx, } state->transport = transport; + if (maxprotocol > PROTOCOL_NT1) { + maxprotocol = PROTOCOL_NT1; + } + subreq = smbXcli_negprot_send(state, ev, transport->conn, timeout_msec, |