librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data...

author Stefan Metzmacher <metze@samba.org>

Mon, 20 Jun 2016 14:17:45 +0000 (16:17 +0200)

committer Karolin Seeger <kseeger@samba.org>

Thu, 4 Aug 2016 08:59:19 +0000 (10:59 +0200)
author Stefan Metzmacher <metze@samba.org>
Mon, 20 Jun 2016 14:17:45 +0000 (16:17 +0200)
committer Karolin Seeger <kseeger@samba.org>
Thu, 4 Aug 2016 08:59:19 +0000 (10:59 +0200)
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c

index 43e1b7f426fa0d4543f85aab21044eeb169af880..4d82e9a53a975c9af42b13734b4c9d4d113cd638 100644 (file)
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -99,6 +99,14 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
         ZERO_STRUCTP(auth);
         if (_auth_length != NULL) {
                 *_auth_length = 0;
+
+               if (auth_data_only) {
+                       return NT_STATUS_INTERNAL_ERROR;
+               }
+       } else {
+               if (!auth_data_only) {
+                       return NT_STATUS_INTERNAL_ERROR;
+               }
         }
  
         /* Paranoia checks for auth_length. The caller should check this... */
author	Stefan Metzmacher <metze@samba.org>
	Mon, 20 Jun 2016 14:17:45 +0000 (16:17 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Thu, 4 Aug 2016 08:59:19 +0000 (10:59 +0200)