CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()

author Stefan Metzmacher <metze@samba.org>

Tue, 7 Jul 2015 20:51:18 +0000 (22:51 +0200)

committer Stefan Metzmacher <metze@samba.org>

Wed, 30 Mar 2016 02:10:16 +0000 (04:10 +0200)
author Stefan Metzmacher <metze@samba.org>
Tue, 7 Jul 2015 20:51:18 +0000 (22:51 +0200)
committer Stefan Metzmacher <metze@samba.org>
Wed, 30 Mar 2016 02:10:16 +0000 (04:10 +0200)
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c

index 835aec5faecf587d81d5483e1347f18b0a1891ce..b0e92f425253d7b0ad641c1212972681df848e74 100644 (file)
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1921,6 +1921,14 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
                         return;
                 }
  
+               if (auth.auth_context_id != pauth->auth_context_id) {
+                       DEBUG(0, (__location__ " Auth context id %u mismatch expected %u.\n",
+                                 (unsigned)auth.auth_context_id,
+                                 (unsigned)pauth->auth_context_id));
+                       tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR);
+                       return;
+               }
+
                 break;
         }
author	Stefan Metzmacher <metze@samba.org>
	Tue, 7 Jul 2015 20:51:18 +0000 (22:51 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 30 Mar 2016 02:10:16 +0000 (04:10 +0200)