CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_pr...
authorStefan Metzmacher <metze@samba.org>
Sat, 27 Jun 2015 08:31:48 +0000 (10:31 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:28 +0000 (19:25 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: G√ľnther Deschner <gd@samba.org>
source4/librpc/rpc/dcerpc.c

index ca964c727a8a0be05133792fd4c6ca3443b755e6..319741f06c5dd94eda27d65164f14dac63d260a3 100644 (file)
@@ -1641,11 +1641,7 @@ static NTSTATUS dcerpc_request_prepare_vt(struct rpc_request *req)
        struct ndr_push *ndr = NULL;
        enum ndr_err_code ndr_err;
 
-       if (sec->auth_info == NULL) {
-               return NT_STATUS_OK;
-       }
-
-       if (sec->auth_info->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+       if (sec->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
                return NT_STATUS_OK;
        }