mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
The basically matches Windows 2012R2, it's not 100% but it's enough for our raw protocol tests to pass. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
This commit is contained in:
parent
1f7dc721e7
commit
ed066b6ca4
@ -1106,6 +1106,7 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
|
||||
{
|
||||
NTSTATUS status;
|
||||
const struct dcerpc_ctx_list *ctx = NULL;
|
||||
bool auth_ok = false;
|
||||
|
||||
if (!call->conn->allow_alter) {
|
||||
return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
|
||||
@ -1127,12 +1128,12 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
|
||||
return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
|
||||
}
|
||||
|
||||
/* handle any authentication that is being requested */
|
||||
if (!dcesrv_auth_alter(call)) {
|
||||
/* TODO: work out the right reject code */
|
||||
return dcesrv_alter_resp(call,
|
||||
DCERPC_BIND_PROVIDER_REJECT,
|
||||
DCERPC_BIND_REASON_ASYNTAX);
|
||||
auth_ok = dcesrv_auth_alter(call);
|
||||
if (!auth_ok) {
|
||||
if (call->in_auth_info.auth_type == DCERPC_AUTH_TYPE_NONE) {
|
||||
return dcesrv_fault_disconnect(call,
|
||||
DCERPC_FAULT_ACCESS_DENIED);
|
||||
}
|
||||
}
|
||||
|
||||
if (call->pkt.u.alter.num_contexts < 1) {
|
||||
@ -1186,6 +1187,17 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
|
||||
DCERPC_BIND_REASON_ASYNTAX);
|
||||
}
|
||||
|
||||
/* handle any authentication that is being requested */
|
||||
if (!auth_ok) {
|
||||
if (call->in_auth_info.auth_type !=
|
||||
call->conn->auth_state.auth_type)
|
||||
{
|
||||
return dcesrv_fault_disconnect(call,
|
||||
DCERPC_FAULT_SEC_PKG_ERROR);
|
||||
}
|
||||
return dcesrv_fault_disconnect(call, DCERPC_FAULT_ACCESS_DENIED);
|
||||
}
|
||||
|
||||
return dcesrv_alter_resp(call,
|
||||
DCERPC_BIND_ACK_RESULT_ACCEPTANCE,
|
||||
DCERPC_BIND_ACK_REASON_NOT_SPECIFIED);
|
||||
|
Loading…
Reference in New Issue
Block a user