CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus

It handles the case of DCERPC_AUTH_TYPE_NONE just fine and it makes it possible to do some verification in future. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2015-06-27 10:31:48 +0200
committer: Stefan Metzmacher <metze@samba.org> 2016-04-12 19:25:28 +0200
commit: d4e735ce6ad18447dd4d16b92dd0c8217cc6c6de (patch)
tree: 34535b4aa6699dd155aeaddf5ebe9f1bbb70e5c7 /source4/librpc
parent: 8a93fbc7e3be5332e3cd82ad0b16a607987ec364 (diff)
download: samba-d4e735ce6ad18447dd4d16b92dd0c8217cc6c6de.tar.gz
1 files changed, 1 insertions, 2 deletions
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 2ecc3fea17c..ca964c727a8 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -1464,8 +1464,7 @@ static void dcerpc_request_recv_data(struct dcecli_connection *c,
 	  to run the auth routines so that we don't get the sign/seal
 	  info out of step with the server
 	*/
-	if (c->security_state.auth_info && c->security_state.generic_state &&
-	    pkt->ptype == DCERPC_PKT_RESPONSE) {
+	if (pkt->ptype == DCERPC_PKT_RESPONSE) {
 		status = ncacn_pull_request_auth(c, raw_packet->data, raw_packet, pkt);
 	}
author	Stefan Metzmacher <metze@samba.org>	2015-06-27 10:31:48 +0200
committer	Stefan Metzmacher <metze@samba.org>	2016-04-12 19:25:28 +0200
commit	d4e735ce6ad18447dd4d16b92dd0c8217cc6c6de (patch)
tree	34535b4aa6699dd155aeaddf5ebe9f1bbb70e5c7 /source4/librpc
parent	8a93fbc7e3be5332e3cd82ad0b16a607987ec364 (diff)
download	samba-d4e735ce6ad18447dd4d16b92dd0c8217cc6c6de.tar.gz