mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00

CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher 2015-12-18 08:29:50 +01:00
parent ed863ef46a
commit 1da744b2f9


@ -495,6 +495,20 @@ try_logon_again:
conn->bind.type = LDAP_BIND_SASL;
conn->bind.creds = creds;
if (wrap_flags & ADS_AUTH_SASL_SEAL) {
if (!gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN)) {
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
if (!gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) {
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
} else if (wrap_flags & ADS_AUTH_SASL_SIGN) {
if (!gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN)) {
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
}
if (!gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) &&
!gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) {
return NT_STATUS_OK;