1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds

ncacn_ip_tcp:server should get the same protection as ncacn_np:server
if authentication and smb signing is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Stefan Metzmacher 2016-03-11 16:02:25 +01:00
parent d1c2ad4e16
commit 9085300e90

View File

@ -678,15 +678,15 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
/* Perform an authenticated DCE-RPC bind /* Perform an authenticated DCE-RPC bind
*/ */
if (!(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) { if (!(conn->flags & (DCERPC_CONNECT|DCERPC_SEAL))) {
/* /*
we are doing an authenticated connection, we are doing an authenticated connection,
but not using sign or seal. We must force which needs to use [connect], [sign] or [seal].
the CONNECT dcerpc auth type as a NONE auth If nothing is specified, we default to [sign] now.
type doesn't allow authentication This give roughly the same protection as
information to be passed. ncacn_np with smb signing.
*/ */
conn->flags |= DCERPC_CONNECT; conn->flags |= DCERPC_SIGN;
} }
if (conn->flags & DCERPC_AUTH_SPNEGO) { if (conn->flags & DCERPC_AUTH_SPNEGO) {