
CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()

It doesn't make any sense to allow other auth levels.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher 2015-12-15 15:11:32 +01:00
parent 0d641ee36a
commit 2200d49cc6


@ -467,6 +467,16 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
*out = data_blob(NULL, 0);
if (gensec_security->dcerpc_auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
switch (gensec_security->gensec_role) {
case GENSEC_CLIENT:
return NT_STATUS_INVALID_PARAMETER_MIX;
case GENSEC_SERVER:
return NT_STATUS_INVALID_PARAMETER;
}
return NT_STATUS_INTERNAL_ERROR;
}
switch (gensec_security->gensec_role) {
case GENSEC_CLIENT:
if (state != NULL) {
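Review bot: The new auth-level guard at the top of schannel_update() has no comment and logs nothing, so a maintainer cannot see why the level is enforced here and an operator cannot see that a peer asked for unprotected schannel. I would add a comment above the `if`, e.g. `/* levels below DCERPC_AUTH_LEVEL_INTEGRITY give no per-message signing; refuse them (CVE-2016-2111) */`, and say in it why GENSEC_CLIENT returns NT_STATUS_INVALID_PARAMETER_MIX while GENSEC_SERVER returns NT_STATUS_INVALID_PARAMETER. A debug message on the server branch recording the rejected `dcerpc_auth_level` would make downgrade attempts visible in the logs. The inner `switch` has no `default:` and relies on the trailing `return NT_STATUS_INTERNAL_ERROR;`, so an explicit `default:` label would make that intent clearer. The body of schannel_update() continues outside the hunk.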