CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_h...
authorStefan Metzmacher <metze@samba.org>
Tue, 15 Dec 2015 14:10:20 +0000 (15:10 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:23 +0000 (19:25 +0200)
This depends on the DCERPC auth level.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: G√ľnther Deschner <gd@samba.org>
auth/gensec/schannel.c

index be2e94e14d805715313d8c0e3771649262f52a7b..8baf803f91203d277d1d2c224fb8ff41c25b4b69 100644 (file)
@@ -672,9 +672,15 @@ static NTSTATUS schannel_client_start(struct gensec_security *gensec_security)
 static bool schannel_have_feature(struct gensec_security *gensec_security,
                                         uint32_t feature)
 {
-       if (feature & (GENSEC_FEATURE_SIGN |
-                      GENSEC_FEATURE_SEAL)) {
-               return true;
+       if (gensec_security->dcerpc_auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
+               if (feature & GENSEC_FEATURE_SIGN) {
+                       return true;
+               }
+       }
+       if (gensec_security->dcerpc_auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+               if (feature & GENSEC_FEATURE_SEAL) {
+                       return true;
+               }
        }
        if (feature & GENSEC_FEATURE_DCE_STYLE) {
                return true;