sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code

CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This commit is contained in:
Stefan Metzmacher 2015-12-23 16:17:04 +01:00
parent 4b679c350a
commit 45ff760cf3
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
source4/librpc/rpc/dcerpc_roh.c
View File

@ -185,10 +185,17 @@ struct tevent_req *dcerpc_pipe_open_roh_send(struct dcecli_connection *conn,
/* Initialize TLS */
if (use_tls) {
status = tstream_tls_params_client(state->roh, NULL, NULL,
lpcfg_tls_priority(lp_ctx),
TLS_VERIFY_PEER_NO_CHECK,
NULL,
char *ca_file = lpcfg_tls_cafile(state, lp_ctx);
char *crl_file = lpcfg_tls_crlfile(state, lp_ctx);
const char *tls_priority = lpcfg_tls_priority(lp_ctx);
enum tls_verify_peer_state verify_peer =
lpcfg_tls_verify_peer(lp_ctx);
status = tstream_tls_params_client(state->roh,
ca_file, crl_file,
tls_priority,
verify_peer,
state->rpc_proxy,
&state->tls_params);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("%s: Failed tstream_tls_params_client - %s\n",