git.samba.org
/
metze
/
samba
/
wip.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
7e682ed
)
CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT...
author
Stefan Metzmacher
<metze@samba.org>
Wed, 15 Jul 2015 08:18:13 +0000
(10:18 +0200)
committer
Stefan Metzmacher
<metze@samba.org>
Wed, 30 Mar 2016 02:39:46 +0000
(
04:39
+0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
source4/rpc_server/dcerpc_server.c
patch
|
blob
|
history
diff --git
a/source4/rpc_server/dcerpc_server.c
b/source4/rpc_server/dcerpc_server.c
index 46d16b417d02e59cf40470f9462eb3e137f7ae49..8c6935111a416e65211e169e4886d467241fe026 100644
(file)
--- a/
source4/rpc_server/dcerpc_server.c
+++ b/
source4/rpc_server/dcerpc_server.c
@@
-1468,6
+1468,10
@@
static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
return dcesrv_fault(call,
DCERPC_NCA_S_PROTO_ERROR);
}
+ if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) {
+ return dcesrv_fault_disconnect(call,
+ DCERPC_FAULT_NO_CALL_ACTIVE);
+ }
} else {
const struct dcerpc_request *nr = &call->pkt.u.request;
const struct dcerpc_request *er = NULL;