git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
0cf3151
)
CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
author
Stefan Metzmacher
<metze@samba.org>
Tue, 7 Jul 2015 20:51:18 +0000
(22:51 +0200)
committer
Stefan Metzmacher
<metze@samba.org>
Wed, 30 Mar 2016 02:10:16 +0000
(
04:10
+0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
source3/rpc_client/cli_pipe.c
patch
|
blob
|
history
diff --git
a/source3/rpc_client/cli_pipe.c
b/source3/rpc_client/cli_pipe.c
index 835aec5faecf587d81d5483e1347f18b0a1891ce..b0e92f425253d7b0ad641c1212972681df848e74 100644
(file)
--- a/
source3/rpc_client/cli_pipe.c
+++ b/
source3/rpc_client/cli_pipe.c
@@
-1921,6
+1921,14
@@
static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
return;
}
+ if (auth.auth_context_id != pauth->auth_context_id) {
+ DEBUG(0, (__location__ " Auth context id %u mismatch expected %u.\n",
+ (unsigned)auth.auth_context_id,
+ (unsigned)pauth->auth_context_id));
+ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR);
+ return;
+ }
+
break;
}