From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 27 Jun 2015 08:31:48 +0000 (+0200)
Subject: CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_pr... 
X-Git-Tag: samba-4.2.10~85
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5a4d9aadb2876f8c9ad18590ac92d756efb8ba1;p=thirdparty%2Fsamba.git

CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 01fc8e5fb20..0a37509bd28 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -1639,11 +1639,7 @@ static NTSTATUS dcerpc_request_prepare_vt(struct rpc_request *req)
 	struct ndr_push *ndr = NULL;
 	enum ndr_err_code ndr_err;
 
-	if (sec->auth_info == NULL) {
-		return NT_STATUS_OK;
-	}
-
-	if (sec->auth_info->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+	if (sec->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
 		return NT_STATUS_OK;
 	}