From 02c2a8c7b01d6412393423813b710c88b20fb97f Mon Sep 17 00:00:00 2001
From: Joseph Sutton
Date: Tue, 7 Jun 2022 17:25:28 +1200
Subject: [PATCH] CVE-2022-32743 s4:rpc_server/netlogon: Always observe NETR_WS_FLAG_HANDLES_SPN_UPDATE flag

Even when there is no old DNS hostname present.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833
Signed-off-by: Joseph Sutton
Reviewed-by: Douglas Bagnall
---
 selftest/knownfail.d/netlogon-dns-host-name | 1 -
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 7 ++-----
 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/selftest/knownfail.d/netlogon-dns-host-name b/selftest/knownfail.d/netlogon-dns-host-name
index d6a8aa27803..30c157fb8d3 100644
--- a/selftest/knownfail.d/netlogon-dns-host-name
+++ b/selftest/knownfail.d/netlogon-dns-host-name
@@ -1,7 +1,6 @@
 ^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_suffix\(
 ^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_validated_write\(
 ^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_write_property\(
-^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_with_flag\(
 ^samba4.rpc.netlogon on ncacn_ip_tcp with bigendian.netlogon.GetDomainInfo\(
 ^samba4.rpc.netlogon on ncacn_ip_tcp with seal,padcheck.netlogon.GetDomainInfo\(
 ^samba4.rpc.netlogon on ncacn_ip_tcp with validate.netlogon.GetDomainInfo\(
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 2d5fc8b070b..efba0138838 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -2495,13 +2495,10 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 /*
 * Updates the DNS hostname when the client wishes that the
 * server should handle this for him
- * ("NETR_WS_FLAG_HANDLES_SPN_UPDATE" not set). And this is
- * obviously only checked when we do already have a
- * "dNSHostName".
+ * ("NETR_WS_FLAG_HANDLES_SPN_UPDATE" not set).
 * See MS-NRPC section 3.5.4.3.9
 */
- if ((old_dns_hostname != NULL) &&
- (r->in.query->workstation_info->workstation_flags
+ if ((r->in.query->workstation_info->workstation_flags
 & NETR_WS_FLAG_HANDLES_SPN_UPDATE) != 0) {
 update_dns_hostname = false;
 }
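Review bot: The shortened comment above the `workstation_flags` test no longer records that the flag must be honoured whether or not the account already has a "dNSHostName", so a later cleanup could reintroduce the `old_dns_hostname != NULL` guard without noticing it is security-relevant. I would add, before the MS-NRPC reference, `* The flag is observed even when no "dNSHostName" is stored yet;` and `* skipping it would let the server-side update run against the client's wishes.` The knownfail hunk in this patch still lists the three `test_set_dns_hostname_invalid_*` tests, so validation of the client-supplied name on the path where `update_dns_hostname` stays true is presumably left to other commits in the series and is worth confirming before treating CVE-2022-32743 as closed. The function body starts and ends outside this hunk, so the NULL check on `r->in.query->workstation_info` and the initial value of `update_dns_hostname` cannot be verified from here.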