CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index bd73061333c0aedb3c0e99d0ddd86f4c31ee89ed..b8df7924a510b02f2fe9b23251c1f3e8b623f542 100644 (file)
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -1473,6 +1473,13 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
                }
 
                if (!dcesrv_auth_request(call, &blob)) {
+                       /*
+                        * We don't use dcesrv_fault_disconnect()
+                        * here, because we don't want to set
+                        * DCERPC_PFC_FLAG_DID_NOT_EXECUTE
+                        */
+                       dcesrv_call_disconnect_after(call,
+                                               "dcesrv_auth_request - failed");
                        return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
                }
        }