CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
authorStefan Metzmacher <metze@samba.org>
Sat, 27 Feb 2016 03:15:38 +0000 (04:15 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:26 +0000 (19:25 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source4/libcli/raw/rawnegotiate.c

index 9b0ed38cf0c1a55c000d23a671018b9de6048ede..32e8a9195b257103a08533b849e434f5e59ffa68 100644 (file)
@@ -51,6 +51,10 @@ struct tevent_req *smb_raw_negotiate_send(TALLOC_CTX *mem_ctx,
        }
        state->transport = transport;
 
+       if (maxprotocol > PROTOCOL_NT1) {
+               maxprotocol = PROTOCOL_NT1;
+       }
+
        subreq = smbXcli_negprot_send(state, ev,
                                      transport->conn,
                                      timeout_msec,