From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 26 Jun 2015 06:10:46 +0000 (+0200)
Subject: CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
X-Git-Tag: samba-4.2.10~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a527091486ef9dda9e754b1043e084113511597;p=thirdparty%2Fsamba.git

CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()

BIND is the first pdu, which means the list of contexts is always empty.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 6587318cdad..7721bc1f681 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -726,12 +726,6 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
 	}
 
 	context_id = call->pkt.u.bind.ctx_list[0].context_id;
-
-	/* you can't bind twice on one context */
-	if (dcesrv_find_context(call->conn, context_id) != NULL) {
-		return dcesrv_bind_nak(call, 0);
-	}
-
 	if_version = call->pkt.u.bind.ctx_list[0].abstract_syntax.if_version;
 	uuid = call->pkt.u.bind.ctx_list[0].abstract_syntax.uuid;