sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code

s3:ntlmssp Fix segfault: msrpc_gen now uses talloc()

Browse Source
This commit is contained in:
Andrew Bartlett 2009-04-20 05:19:48 +10:00
parent 34193cffc0
commit 0c771bfc70
1 changed files with 8 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
source3/libsmb/ntlmssp.c
View File

@ -644,9 +644,6 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
uchar session_nonce_hash[16]; uchar session_nonce_hash[16];
const char *parse_string; const char *parse_string;
char *domain = NULL;
char *user = NULL;
char *workstation = NULL;
/* parse the NTLMSSP packet */ /* parse the NTLMSSP packet */
*reply = data_blob_null; *reply = data_blob_null;
@ -669,20 +666,16 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->workstation = NULL; ntlmssp_state->workstation = NULL;
/* now the NTLMSSP encoded auth hashes */ /* now the NTLMSSP encoded auth hashes */
if (!msrpc_parse(NULL, &request, parse_string, if (!msrpc_parse(ntlmssp_state, &request, parse_string,
"NTLMSSP", "NTLMSSP",
&ntlmssp_command, &ntlmssp_command,
&ntlmssp_state->lm_resp, &ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp, &ntlmssp_state->nt_resp,
&domain, &ntlmssp_state->domain,
&user, &ntlmssp_state->user,
&workstation, &ntlmssp_state->workstation,
&encrypted_session_key, &encrypted_session_key,
&auth_flags)) { &auth_flags)) {
SAFE_FREE(domain);
SAFE_FREE(user);
SAFE_FREE(workstation);
data_blob_free(&encrypted_session_key);
auth_flags = 0; auth_flags = 0;
/* Try again with a shorter string (Win9X truncates this packet) */ /* Try again with a shorter string (Win9X truncates this packet) */
@ -693,19 +686,16 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
} }
/* now the NTLMSSP encoded auth hashes */ /* now the NTLMSSP encoded auth hashes */
if (!msrpc_parse(NULL, &request, parse_string, if (!msrpc_parse(ntlmssp_state, &request, parse_string,
"NTLMSSP", "NTLMSSP",
&ntlmssp_command, &ntlmssp_command,
&ntlmssp_state->lm_resp, &ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp, &ntlmssp_state->nt_resp,
&domain, &ntlmssp_state->domain,
&user, &ntlmssp_state->user,
&workstation)) { &ntlmssp_state->workstation)) {
DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP (tried both formats):\n")); DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP (tried both formats):\n"));
dump_data(2, request.data, request.length); dump_data(2, request.data, request.length);
SAFE_FREE(domain);
SAFE_FREE(user);
SAFE_FREE(workstation);
return NT_STATUS_INVALID_PARAMETER; return NT_STATUS_INVALID_PARAMETER;
} }
@ -714,34 +704,6 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
if (auth_flags) if (auth_flags)
ntlmssp_handle_neg_flags(ntlmssp_state, auth_flags, lp_lanman_auth()); ntlmssp_handle_neg_flags(ntlmssp_state, auth_flags, lp_lanman_auth());
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
SAFE_FREE(domain);
SAFE_FREE(user);
SAFE_FREE(workstation);
data_blob_free(&encrypted_session_key);
return nt_status;
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
SAFE_FREE(domain);
SAFE_FREE(user);
SAFE_FREE(workstation);
data_blob_free(&encrypted_session_key);
return nt_status;
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_workstation(ntlmssp_state, workstation))) {
SAFE_FREE(domain);
SAFE_FREE(user);
SAFE_FREE(workstation);
data_blob_free(&encrypted_session_key);
return nt_status;
}
SAFE_FREE(domain);
SAFE_FREE(user);
SAFE_FREE(workstation);
DEBUG(3,("Got user=[%s] domain=[%s] workstation=[%s] len1=%lu len2=%lu\n", DEBUG(3,("Got user=[%s] domain=[%s] workstation=[%s] len1=%lu len2=%lu\n",
ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->workstation, (unsigned long)ntlmssp_state->lm_resp.length, (unsigned long)ntlmssp_state->nt_resp.length)); ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->workstation, (unsigned long)ntlmssp_state->lm_resp.length, (unsigned long)ntlmssp_state->nt_resp.length));