From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 27 Jun 2015 08:31:48 +0000 (+0200)
Subject: CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in... 
X-Git-Tag: samba-4.2.10~88
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=045e9b454bcbe20db4d6434fb66f870c1353675f;p=thirdparty%2Fsamba.git

CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 1f5213f2873..854a956f257 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -225,12 +225,8 @@ static void dcerpc_bh_auth_info(struct dcerpc_binding_handle *h,
 		return;
 	}
 
-	if (hs->p->conn->security_state.auth_info == NULL) {
-		return;
-	}
-
-	*auth_type = hs->p->conn->security_state.auth_info->auth_type;
-	*auth_level = hs->p->conn->security_state.auth_info->auth_level;
+	*auth_type = hs->p->conn->security_state.auth_type;
+	*auth_level = hs->p->conn->security_state.auth_level;
 }
 
 struct dcerpc_bh_raw_call_state {