From: Stefan Metzmacher Date: Tue, 15 Dec 2015 14:11:32 +0000 (+0100) Subject: CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel... X-Git-Tag: samba-4.2.10~189 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e11c70b3b92ed561880ad8a204ff092f4592f4d;p=thirdparty%2Fsamba.git CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update() It doesn't make any sense to allow other auth levels. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 Signed-off-by: Stefan Metzmacher Reviewed-by: Günther Deschner --- diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c index ee23e77ace4..c2cfd3bc9de 100644 --- a/auth/gensec/schannel.c +++ b/auth/gensec/schannel.c @@ -467,6 +467,16 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ *out = data_blob(NULL, 0); + if (gensec_security->dcerpc_auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) { + switch (gensec_security->gensec_role) { + case GENSEC_CLIENT: + return NT_STATUS_INVALID_PARAMETER_MIX; + case GENSEC_SERVER: + return NT_STATUS_INVALID_PARAMETER; + } + return NT_STATUS_INTERNAL_ERROR; + } + switch (gensec_security->gensec_role) { case GENSEC_CLIENT: if (state != NULL) {
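Review bot: The new guard at the top of schannel_update() rejects the call without a comment or log message saying why, and the commit message only says other levels make no sense. A short comment above `if (gensec_security->dcerpc_auth_level < DCERPC_AUTH_LEVEL_INTEGRITY)` should state that schannel is only accepted with integrity or privacy protection, and note that the `<` comparison depends on the numeric ordering of the DCERPC_AUTH_LEVEL_* values. The client branch returns NT_STATUS_INVALID_PARAMETER_MIX while the server branch returns NT_STATUS_INVALID_PARAMETER; if the difference is intentional (for example, to tell a local misconfiguration apart from a bad peer request), say so in the comment, otherwise use one code for both. The inner switch has no default case and relies on the trailing `return NT_STATUS_INTERNAL_ERROR;` for an unexpected gensec_role, which works but would read more clearly as an explicit default. A debug message on the rejection path would also help an administrator see why a previously working schannel bind now fails after the upgrade.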