summaryrefslogtreecommitdiff
path: root/source4/rpc_server
Commit message (Expand)AuthorAgeFilesLines
* CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a timeStefan Metzmacher2016-04-121-62/+80
* CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByteStefan Metzmacher2016-04-121-5/+40
* CVE-2015-5370: s4:rpc_server: check frag_length for requestsStefan Metzmacher2016-04-121-0/+15
* CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid aut...Stefan Metzmacher2016-04-122-3/+38
* CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()Stefan Metzmacher2016-04-121-0/+7
* CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as ...Stefan Metzmacher2016-04-123-1/+13
* CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PK...Stefan Metzmacher2016-04-121-7/+1
* CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()Stefan Metzmacher2016-04-121-6/+18
* CVE-2015-5370: s4:rpc_server: changing an existing presentation context via a...Stefan Metzmacher2016-04-121-0/+21
* CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dces...Stefan Metzmacher2016-04-121-4/+10
* CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dce...Stefan Metzmacher2016-04-121-6/+0
* CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the co...Stefan Metzmacher2016-04-121-11/+12
* CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change ...Stefan Metzmacher2016-04-121-0/+24
* CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dces...Stefan Metzmacher2016-04-124-72/+94
* CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violat...Stefan Metzmacher2016-04-123-2/+59
* CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdusStefan Metzmacher2016-04-121-3/+103
* CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection af...Stefan Metzmacher2016-04-122-1/+62
* CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() staticStefan Metzmacher2016-04-121-3/+3
* CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_...Stefan Metzmacher2016-04-121-4/+27
* CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responsesStefan Metzmacher2016-04-121-1/+2
* CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper fu...Stefan Metzmacher2016-04-121-3/+8
* CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()Stefan Metzmacher2016-04-121-1/+14
* CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()Stefan Metzmacher2016-04-121-1/+1
* CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()Stefan Metzmacher2016-04-121-4/+2
* CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv...Stefan Metzmacher2016-04-123-10/+27
* CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state...Stefan Metzmacher2016-04-121-12/+4
* CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.aut...Stefan Metzmacher2016-04-121-6/+1
* CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth...Stefan Metzmacher2016-04-121-6/+6
* CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* i...Stefan Metzmacher2016-04-121-11/+6
* CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}Stefan Metzmacher2016-04-122-6/+26
* CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() ...Stefan Metzmacher2016-04-121-0/+4
* CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_len...Stefan Metzmacher2016-04-121-9/+19
* CVE-2015-5370: s4:rpc_server: make use of talloc_zero()Stefan Metzmacher2016-04-123-19/+19
* CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRI...Stefan Metzmacher2016-04-121-0/+9
* CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by defaultStefan Metzmacher2016-04-121-0/+7
* CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by defaultStefan Metzmacher2016-04-121-0/+8
* CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by def...Stefan Metzmacher2016-04-121-0/+8
* CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by de...Stefan Metzmacher2016-04-121-0/+8
* CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by defaultStefan Metzmacher2016-04-121-0/+8
* CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by defaultStefan Metzmacher2016-04-121-0/+8
* CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"Stefan Metzmacher2016-04-122-0/+109
* CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_IN...Stefan Metzmacher2016-04-121-0/+8
* CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACYStefan Metzmacher2016-04-122-10/+15
* CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACYStefan Metzmacher2016-04-121-0/+8
* CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on ...Stefan Metzmacher2016-04-122-0/+69
* CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_C...Stefan Metzmacher2016-04-121-0/+9
* CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for ...Stefan Metzmacher2016-04-121-0/+10
* CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restrictionStefan Metzmacher2016-04-121-1/+16
* s4:rpc_server: require access to the machine account credentialsStefan Metzmacher2016-03-171-4/+4
* s4:rpc_server: dcesrv_generic_session_key should only work on local transportsStefan Metzmacher2016-03-101-0/+7