diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-06-27 10:31:48 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-04-12 19:25:28 +0200 |
commit | d4e735ce6ad18447dd4d16b92dd0c8217cc6c6de (patch) | |
tree | 34535b4aa6699dd155aeaddf5ebe9f1bbb70e5c7 /source4/librpc | |
parent | 8a93fbc7e3be5332e3cd82ad0b16a607987ec364 (diff) | |
download | samba-d4e735ce6ad18447dd4d16b92dd0c8217cc6c6de.tar.gz |
CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
It handles the case of DCERPC_AUTH_TYPE_NONE just fine and it makes it
possible to do some verification in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/rpc/dcerpc.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 2ecc3fea17c..ca964c727a8 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -1464,8 +1464,7 @@ static void dcerpc_request_recv_data(struct dcecli_connection *c, to run the auth routines so that we don't get the sign/seal info out of step with the server */ - if (c->security_state.auth_info && c->security_state.generic_state && - pkt->ptype == DCERPC_PKT_RESPONSE) { + if (pkt->ptype == DCERPC_PKT_RESPONSE) { status = ncacn_pull_request_auth(c, raw_packet->data, raw_packet, pkt); } |