git.samba.org
/
metze
/
samba
/
wip.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
dd2c270
)
CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the...
author
Stefan Metzmacher
<metze@samba.org>
Thu, 9 Jul 2015 05:59:24 +0000
(07:59 +0200)
committer
Stefan Metzmacher
<metze@samba.org>
Wed, 30 Mar 2016 02:39:46 +0000
(
04:39
+0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
source3/librpc/rpc/dcerpc_helpers.c
patch
|
blob
|
history
diff --git
a/source3/librpc/rpc/dcerpc_helpers.c
b/source3/librpc/rpc/dcerpc_helpers.c
index bb1da467ccc55766b47c52c25563363b557c4fdb..054647c3f58ddd19e682ce21ccb0f1abed2b779c 100644
(file)
--- a/
source3/librpc/rpc/dcerpc_helpers.c
+++ b/
source3/librpc/rpc/dcerpc_helpers.c
@@
-548,6
+548,14
@@
NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
return status;
}
+ if (auth_info.auth_type != auth->auth_type) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (auth_info.auth_level != auth->auth_level) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
pkt_trailer->length -= auth_length;
data = data_blob_const(raw_pkt->data + header_size,
pkt_trailer->length);