s4:rpc_server: check header of each packet fragment

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

1 files changed, 13 insertions, 1 deletions

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 85274c9dbe0..67af3fc3d02 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -1041,7 +1041,19 @@ NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
 
 		if (call->pkt.ptype != call2->pkt.ptype) {
 			/* trying to play silly buggers are we? */
-			return dcesrv_fault(call2, DCERPC_FAULT_OTHER);
+			return dcesrv_fault(call2, DCERPC_NCA_S_PROTO_ERROR);
+		}
+		if (memcmp(call->pkt.drep, call2->pkt.drep, sizeof(pkt->drep)) != 0) {
+			return dcesrv_fault(call2, DCERPC_NCA_S_PROTO_ERROR);
+		}
+		if (call->pkt.call_id != call2->pkt.call_id) {
+			return dcesrv_fault(call2, DCERPC_NCA_S_PROTO_ERROR);
+		}
+		if (call->pkt.u.request.context_id != call2->pkt.u.request.context_id)  {
+			return dcesrv_fault(call2, DCERPC_NCA_S_PROTO_ERROR);
+		}
+		if (call->pkt.u.request.opnum != call2->pkt.u.request.opnum)  {
+			return dcesrv_fault(call2, DCERPC_NCA_S_PROTO_ERROR);
 		}
 
 		alloc_size = call->pkt.u.request.stub_and_verifier.length +