author | Stefan Metzmacher <metze@samba.org> | 2015-06-27 10:31:48 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-04-12 19:25:28 +0200 |
commit | 8f6cffcb3c19f55999fc7df7f338a01bf409f70f (patch) | |
tree | e6fe5ae72f2c05805a7b17fd3d6b69142af856e1 /source4/librpc/rpc/dcerpc_auth.c | |
parent | 27da35f8dfbdc191f72087e5f139cbe2ac68462b (diff) | |
download | samba-8f6cffcb3c19f55999fc7df7f338a01bf409f70f.tar.gz |
CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
In future we want to verify that the auth_context_id from the server
is what we expect.
As Samba (<= 4.2.3) uses a hardcoded value of 1 in responses, we
need to use that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source4/librpc/rpc/dcerpc_auth.c')
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index aec72ca9943..443c7587e72 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -355,7 +355,12 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, sec->auth_type = auth_type; sec->auth_level = auth_level, - sec->auth_context_id = random(); + /* + * We use auth_context_id = 1 as some older + * Samba versions (<= 4.2.3) use that value hardcoded + * in a response. + */ + sec->auth_context_id = 1; sec->auth_info = talloc(p, struct dcerpc_auth); if (composite_nomem(sec->auth_info, c)) return c; |
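Review bot: the context line `sec->auth_level = auth_level,` ends in a comma rather than a semicolon, so the new `sec->auth_context_id = 1;` is still the right-hand operand of a comma expression, now with the block comment sitting in the middle of that expression. It compiles and behaves the same, but since this hunk touches the adjacent line anyway, terminating the `auth_level` assignment with `;` would make the two assignments separate statements and keep the comment attached to the one it explains. Separately, the literal `1` is a compatibility value that the commit message says will later be checked against the server's response; giving it a named constant here would let that future check refer to the same definition instead of repeating the number.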