CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 7e33ff0bd6414e5fda7268ab47ed7c0117066f5d..e4e40f1628304eba08281ba9bf44fe46401c0f39 100644 (file)
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1484,7 +1484,7 @@ void set_incoming_fault(struct pipes_struct *p)
        data_blob_free(&p->in_data.data);
        p->in_data.pdu_needed_len = 0;
        p->in_data.pdu.length = 0;
-       p->fault_state = DCERPC_FAULT_CANT_PERFORM;
+       p->fault_state = DCERPC_NCA_S_PROTO_ERROR;
 
        p->allow_alter = false;
        p->allow_auth3 = false;
@@ -1748,7 +1748,7 @@ done:
        if (!reply) {
                DEBUG(3,("DCE/RPC fault sent!"));
                set_incoming_fault(p);
-               setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
+               setup_fault_pdu(p, NT_STATUS(DCERPC_NCA_S_PROTO_ERROR));
        }
        /* pkt and p->in_data.pdu.data freed by caller */
 }