sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-01 04:58:35 +03:00
Code

CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This commit is contained in:
Stefan Metzmacher 2015-07-07 13:05:01 +02:00
parent d11c5d37ba
commit 84cbf3dfed
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
source3/rpc_server/srv_pipe.c
View File

@ -896,6 +896,13 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt)
goto err;
}
if (auth_info.auth_level != p->auth.auth_level) {
DEBUG(1, ("Auth level mismatch! Client sent %d, "
"but auth was started as level %d!\n",
auth_info.auth_level, p->auth.auth_level));
goto err;
}
gensec_security = p->auth.auth_ctx;
status = auth_generic_server_step(gensec_security,
@ -1008,6 +1015,13 @@ static bool api_pipe_alter_context(struct pipes_struct *p,
goto err_exit;
}
if (auth_info.auth_level != p->auth.auth_level) {
DEBUG(0, ("Auth level mismatch! Client sent %d, "
"but auth was started as level %d!\n",
auth_info.auth_level, p->auth.auth_level));
goto err_exit;
}
gensec_security = p->auth.auth_ctx;
status = auth_generic_server_step(gensec_security,
pkt,