STEP01: dcerpc_check_pdu_auth fix librpc/rpc/dcerpc_connection.c

diff --git a/librpc/rpc/dcerpc_connection.c b/librpc/rpc/dcerpc_connection.c
index 93f0c68fe43a8eee0cefb3391300f7c7bfe5addb..f6449e733de24e1bcb545bbd986628ec8ef28897 100644 (file)
--- a/librpc/rpc/dcerpc_connection.c
+++ b/librpc/rpc/dcerpc_connection.c
@@ -605,6 +605,18 @@ static NTSTATUS dcerpc_check_pdu_auth(struct dcerpc_security *sec,
                return status;
        }
 
+       if (auth_info.auth_type != sec->auth_type) {
+               return NT_STATUS_RPC_PROTOCOL_ERROR;
+       }
+
+       if (auth_info.auth_level != sec->auth_level) {
+               return NT_STATUS_RPC_PROTOCOL_ERROR;
+       }
+
+       if (auth_info.auth_context_id != sec->context_id) {
+               return NT_STATUS_RPC_PROTOCOL_ERROR;
+       }
+
        data = data_blob_const(raw_pkt->data + header_size,
                                pkt_trailer->length - auth_length);
        full_pkt = data_blob_const(raw_pkt->data,
@@ -627,6 +639,9 @@ static NTSTATUS dcerpc_check_pdu_auth(struct dcerpc_security *sec,
                                            full_pkt.data,
                                            full_pkt.length,
                                            &auth_info.credentials);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
                break;
 
        case DCERPC_AUTH_LEVEL_INTEGRITY:
@@ -637,6 +652,9 @@ static NTSTATUS dcerpc_check_pdu_auth(struct dcerpc_security *sec,
                                            full_pkt.data,
                                            full_pkt.length,
                                            &auth_info.credentials);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
                break;
        default:
                return NT_STATUS_INVALID_PARAMETER;