CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validati...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 045908882d3f0920230766cd5febcbf3c2c73253..0523dd4f0bb1a5a033d51fef908fb4c96ec61eac 100644 (file)
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -904,6 +904,16 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
                break;
 
        case 6:
+               if (dce_call->conn->auth_state.auth_info == NULL) {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
+               if (dce_call->conn->auth_state.auth_info->auth_level !=
+                   DCERPC_AUTH_LEVEL_PRIVACY)
+               {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
                nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx,
                                                           user_info_dc,
                                                           &sam3);