CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
authorStefan Metzmacher <metze@samba.org>
Wed, 23 Dec 2015 15:17:04 +0000 (16:17 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:25 +0000 (19:25 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
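index c4842fb8cb64c04344066b378883982f0e15fc55..6da29787fbe94d232ba0c3d8878a803c37d7d63c 100644
--- a/source4/librpc/rpc/dcerpc_roh.c
+++ b/source4/librpc/rpc/dcerpc_roh.c
@@ -185,10 +185,17 @@ struct tevent_req *dcerpc_pipe_open_roh_send(struct dcecli_connection *conn,
 
        /* Initialize TLS */
        if (use_tls) {
-               status = tstream_tls_params_client(state->roh, NULL, NULL,
-                                                  lpcfg_tls_priority(lp_ctx),
-                                                  TLS_VERIFY_PEER_NO_CHECK,
-                                                  NULL,
+               char *ca_file = lpcfg_tls_cafile(state, lp_ctx);
+               char *crl_file = lpcfg_tls_crlfile(state, lp_ctx);
+               const char *tls_priority = lpcfg_tls_priority(lp_ctx);
+               enum tls_verify_peer_state verify_peer =
+                       lpcfg_tls_verify_peer(lp_ctx);
+
+               status = tstream_tls_params_client(state->roh,
+                                                  ca_file, crl_file,
+                                                  tls_priority,
+                                                  verify_peer,
+                                                  state->rpc_proxy,
                                                   &state->tls_params);
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(0,("%s: Failed tstream_tls_params_client - %s\n",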
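Review bot: The new tstream_tls_params_client call passes `state->rpc_proxy` as the peer name, but nothing in the hunk records that this is the name the proxy's certificate is checked against, nor what is expected when `ca_file` or `crl_file` comes back NULL because the corresponding option is unset while `verify_peer` is strict; whether tstream_tls_params_client rejects that combination is outside this hunk and should be confirmed. A comment above the call would help the next reader, e.g. `/* The proxy's certificate is verified against the configured rpc_proxy name, as governed by 'tls verify peer'. */`. If rpc_proxy is configured as an IP address rather than a hostname, presumably a name-based certificate check would fail at connect time, which is worth stating in the same comment. The enclosing function dcerpc_pipe_open_roh_send starts and ends outside the hunk.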