From: Stefan Metzmacher Date: Fri, 7 Aug 2015 11:33:17 +0000 (+0200) Subject: CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validati... X-Git-Tag: samba-4.2.10~185 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=40397d1764ebec2c5cba9cd43bfae2e4c12329d8;p=thirdparty%2Fsamba.git CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 Signed-off-by: Stefan Metzmacher Reviewed-by: Günther Deschner --- diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 045908882d3..0523dd4f0bb 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -904,6 +904,16 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal break; case 6: + if (dce_call->conn->auth_state.auth_info == NULL) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (dce_call->conn->auth_state.auth_info->auth_level != + DCERPC_AUTH_LEVEL_PRIVACY) + { + return NT_STATUS_INVALID_PARAMETER; + } + nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx, user_info_dc, &sam3);
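Review bot: The privacy check in `case 6:` runs only inside the validation-level switch, immediately before `auth_convert_user_info_dc_saminfo3(mem_ctx, user_info_dc, &sam3)`, so `user_info_dc` has already been produced by the time an unsealed request is refused. Consider testing the validation level and `auth_state.auth_info->auth_level` near the top of `dcesrv_netr_LogonSamLogon_base`, before the logon itself is processed, so that a request that will be rejected does no authentication work first. A one-line comment stating why level 6 requires `DCERPC_AUTH_LEVEL_PRIVACY` would also help, since the code does not say what in the level 6 reply needs sealing. Both the `auth_info == NULL` case and the wrong-auth-level case return `NT_STATUS_INVALID_PARAMETER`; if that status is chosen deliberately rather than an access-denied style error, the comment is a good place to record it.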