From 8adbdbe50f7ac69cb815794d1c3d214bbac7c848 Mon Sep 17 00:00:00 2001
From: Jo Sutton <josutton@catalyst.net.nz>
Date: Tue, 28 May 2024 15:10:51 +1200
Subject: [PATCH] s3:rpc_server: Check function code according to MS-NRPC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
---
 source3/rpc_server/netlogon/srv_netlog_nt.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 61471eadae0..c3d0d511f40 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -368,6 +368,12 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
 		r->out.query->info1 = info1;
 		break;
 	case 2:
+		if (r->in.function_code != NETLOGON_CONTROL_REDISCOVER &&
+		    r->in.function_code != NETLOGON_CONTROL_TC_QUERY &&
+		    r->in.function_code != NETLOGON_CONTROL_TC_VERIFY)
+		{
+			return WERR_INVALID_PARAMETER;
+		}
 		info2 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_2);
 		W_ERROR_HAVE_NO_MEMORY(info2);
 
-- 
2.47.3