From: Jo Sutton <josutton@catalyst.net.nz>
Date: Tue, 28 May 2024 03:10:51 +0000 (+1200)
Subject: s3:rpc_server: Check function code according to MS-NRPC
X-Git-Tag: tdb-1.4.11~477
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8adbdbe50f7ac69cb815794d1c3d214bbac7c848;p=thirdparty%2Fsamba.git

s3:rpc_server: Check function code according to MS-NRPC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
---

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 61471eadae0..c3d0d511f40 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -368,6 +368,12 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
 		r->out.query->info1 = info1;
 		break;
 	case 2:
+		if (r->in.function_code != NETLOGON_CONTROL_REDISCOVER &&
+		    r->in.function_code != NETLOGON_CONTROL_TC_QUERY &&
+		    r->in.function_code != NETLOGON_CONTROL_TC_VERIFY)
+		{
+			return WERR_INVALID_PARAMETER;
+		}
 		info2 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_2);
 		W_ERROR_HAVE_NO_MEMORY(info2);