CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RES...
authorStefan Metzmacher <metze@samba.org>
Sat, 27 Jun 2015 08:31:48 +0000 (10:31 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:28 +0000 (19:25 +0200)
It handles the case of DCERPC_AUTH_TYPE_NONE just fine and it makes it
possible to do some verification in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: G√ľnther Deschner <gd@samba.org>
source4/librpc/rpc/dcerpc.c

index 2ecc3fea17c710cd81c68b020435c942651611da..ca964c727a8a0be05133792fd4c6ca3443b755e6 100644 (file)
@@ -1464,8 +1464,7 @@ static void dcerpc_request_recv_data(struct dcecli_connection *c,
          to run the auth routines so that we don't get the sign/seal
          info out of step with the server
        */
-       if (c->security_state.auth_info && c->security_state.generic_state &&
-           pkt->ptype == DCERPC_PKT_RESPONSE) {
+       if (pkt->ptype == DCERPC_PKT_RESPONSE) {
                status = ncacn_pull_request_auth(c, raw_packet->data, raw_packet, pkt);
        }