From 49379e498c885f998d0a1ed75374f6c2b78edc97 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 8 Jul 2015 00:01:37 +0200
Subject: [PATCH] CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in
 dcerpc_check_auth()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---
 source3/librpc/rpc/dcerpc_helpers.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index c030f7910d7..aab43a1abd4 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -515,6 +515,10 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
+	if (auth_info.auth_context_id != auth->auth_context_id) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	pkt_trailer->length -= auth_length;
 	data = data_blob_const(raw_pkt->data + header_size,
 			       pkt_trailer->length);
-- 
2.11.4.GIT