CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesr...

author Stefan Metzmacher <metze@samba.org>

Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)

committer Stefan Metzmacher <metze@samba.org>

Wed, 30 Mar 2016 02:10:07 +0000 (04:10 +0200)
author Stefan Metzmacher <metze@samba.org>
Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)
committer Stefan Metzmacher <metze@samba.org>
Wed, 30 Mar 2016 02:10:07 +0000 (04:10 +0200)
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c

index beccc78e3ec94ea51500c56b6fd186ed7d4d9cb1..c3ba40cac07997e0344e77d45d2a6081ce346317 100644 (file)
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -59,6 +59,10 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
         status = dcerpc_pull_auth_trailer(pkt, call, &pkt->u.bind.auth_info,
                                           dce_conn->auth_state.auth_info,
                                           &auth_length, false);
+       if (!NT_STATUS_IS_OK(status)) {
+               return false;
+       }
+
         server_credentials 
                 = cli_credentials_init(call);
         if (!server_credentials) {
author	Stefan Metzmacher <metze@samba.org>
	Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 30 Mar 2016 02:10:07 +0000 (04:10 +0200)