CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validati...
authorStefan Metzmacher <metze@samba.org>
Fri, 7 Aug 2015 11:33:17 +0000 (13:33 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:23 +0000 (19:25 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
source4/rpc_server/netlogon/dcerpc_netlogon.c

index fee25755ff86aa079f4f0b27871f7f639f31d8ef..bd7371d07c7450dea7a1385a81d6bf1190cf443b 100644 (file)
@@ -993,6 +993,16 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
                break;
 
        case 6:
+               if (dce_call->conn->auth_state.auth_info == NULL) {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
+               if (dce_call->conn->auth_state.auth_info->auth_level !=
+                   DCERPC_AUTH_LEVEL_PRIVACY)
+               {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
                nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx,
                                                           user_info_dc,
                                                           &sam3);
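Review bot: The two new guards under `case 6:` reject with the same status and test the same object, so they read more clearly as one condition with a comment stating the reason, e.g. `/* validation level 6 must only be returned over a sealed (privacy) connection */` followed by `if (dce_call->conn->auth_state.auth_info == NULL || dce_call->conn->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_PRIVACY) { return NT_STATUS_INVALID_PARAMETER; }`. A debug-level log line before the return would also help operators distinguish a client that merely lacks sealing from a malformed request, since NT_STATUS_INVALID_PARAMETER alone does not say which. The check is applied only to validation level 6 here; whether the other levels handled earlier in this switch need the same treatment cannot be judged from this hunk. The enclosing function dcesrv_netr_LogonSamLogon_base starts and ends outside the hunk.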