CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validati...

author Stefan Metzmacher <metze@samba.org>

Fri, 7 Aug 2015 11:33:17 +0000 (13:33 +0200)

committer Stefan Metzmacher <metze@samba.org>

Tue, 12 Apr 2016 17:25:23 +0000 (19:25 +0200)
author Stefan Metzmacher <metze@samba.org>
Fri, 7 Aug 2015 11:33:17 +0000 (13:33 +0200)
committer Stefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:23 +0000 (19:25 +0200)
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c

index fee25755ff86aa079f4f0b27871f7f639f31d8ef..bd7371d07c7450dea7a1385a81d6bf1190cf443b 100644 (file)
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -993,6 +993,16 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
                 break;
  
         case 6:
+               if (dce_call->conn->auth_state.auth_info == NULL) {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
+               if (dce_call->conn->auth_state.auth_info->auth_level !=
+                   DCERPC_AUTH_LEVEL_PRIVACY)
+               {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
                 nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx,
                                                            user_info_dc,
                                                            &sam3);
author	Stefan Metzmacher <metze@samba.org>
	Fri, 7 Aug 2015 11:33:17 +0000 (13:33 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Tue, 12 Apr 2016 17:25:23 +0000 (19:25 +0200)