git.samba.org
/
metze
/
samba
/
wip.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
ff8514f
)
STEP01: dcerpc_check_pdu_auth fix librpc/rpc/dcerpc_connection.c
author
Stefan Metzmacher
<metze@samba.org>
Fri, 17 Jan 2014 18:13:57 +0000
(19:13 +0100)
committer
Stefan Metzmacher
<metze@samba.org>
Tue, 4 Jun 2019 10:45:39 +0000
(12:45 +0200)
librpc/rpc/dcerpc_connection.c
patch
|
blob
|
history
diff --git
a/librpc/rpc/dcerpc_connection.c
b/librpc/rpc/dcerpc_connection.c
index 93f0c68fe43a8eee0cefb3391300f7c7bfe5addb..f6449e733de24e1bcb545bbd986628ec8ef28897 100644
(file)
--- a/
librpc/rpc/dcerpc_connection.c
+++ b/
librpc/rpc/dcerpc_connection.c
@@
-605,6
+605,18
@@
static NTSTATUS dcerpc_check_pdu_auth(struct dcerpc_security *sec,
return status;
}
return status;
}
+ if (auth_info.auth_type != sec->auth_type) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+
+ if (auth_info.auth_level != sec->auth_level) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+
+ if (auth_info.auth_context_id != sec->context_id) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+
data = data_blob_const(raw_pkt->data + header_size,
pkt_trailer->length - auth_length);
full_pkt = data_blob_const(raw_pkt->data,
data = data_blob_const(raw_pkt->data + header_size,
pkt_trailer->length - auth_length);
full_pkt = data_blob_const(raw_pkt->data,
@@
-627,6
+639,9
@@
static NTSTATUS dcerpc_check_pdu_auth(struct dcerpc_security *sec,
full_pkt.data,
full_pkt.length,
&auth_info.credentials);
full_pkt.data,
full_pkt.length,
&auth_info.credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
@@
-637,6
+652,9
@@
static NTSTATUS dcerpc_check_pdu_auth(struct dcerpc_security *sec,
full_pkt.data,
full_pkt.length,
&auth_info.credentials);
full_pkt.data,
full_pkt.length,
&auth_info.credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
break;
default:
return NT_STATUS_INVALID_PARAMETER;
break;
default:
return NT_STATUS_INVALID_PARAMETER;