mirror of https://github.com/samba-team/samba.git synced 2025-01-15 23:24:37 +03:00

fix WinXP & Win2K3 remote_arch and check pointer in ntlmssp code before dereferencing

Gerald Carter -
parent d81b0d2690
commit 2487480228
3 changed files with 37 additions and 19 deletions


@ -85,6 +85,7 @@ PIDDIR = @piddir@
# man pages language(s)
man_langs = "@manlangs@"
LIBSMBCLIENT=bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
LIBSMBCLIENT_MAJOR=0
LIBSMBCLIENT_MINOR=1
@ -897,7 +898,7 @@ bin/libbigballofmud.a: $(LIBBIGBALLOFMUD_OBJS)
@echo Linking bigballofmud non-shared library $@
-$(AR) -rc $@ $(LIBBIGBALLOFMUD_OBJS)
libsmbclient: bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
libsmbclient: $(LIBSMBCLIENT)
bin/librpc_lsarpc.@SHLIBEXT@: $(RPC_LSA_OBJ)
@echo "Linking $@"
@ -1135,7 +1136,7 @@ TOPFILES=dynconfig.o dynconfig.po
clean: delheaders python_clean
-rm -f core */*~ *~ */*.o */*.po */*.po32 */*.@SHLIBEXT@ \
$(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(MODULES) $(TORTURE_PROGS) .headers.stamp
$(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(MODULES) $(TORTURE_PROGS) $(LIBSMBCLIENT) .headers.stamp
# Making this target will just make sure that the prototype files
# exist, not necessarily that they are up to date. Since they're


@ -1740,6 +1740,22 @@ BOOL is_myworkgroup(const char *s)
return(ret);
}
/*******************************************************************
we distinguish between 2K and XP by the "Native Lan Manager" string
WinXP => "Windows 2002 5.1"
Win2k => "Windows 2000 5.0"
NT4 => "Windows NT 4.0"
Win9x => "Windows 4.0"
********************************************************************/
void ra_lanman_string( const char *native_lanman )
{
if ( 0 == strcmp( native_lanman, "Windows 2002 5.1" ) )
set_remote_arch( RA_WINXP );
else if ( 0 == strcmp( native_lanman, "Windows .NET 5.2" ) )
set_remote_arch( RA_WIN2K3 );
}
/*******************************************************************
Set the horrid remote_arch string based on an enum.
********************************************************************/
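Review bot: The header comment on ra_lanman_string() lists four Native Lan Manager strings but omits the one the second branch matches; it should gain a line such as `Win2K3 => "Windows .NET 5.2"`. The comment should also state the precondition that both callers enforce, namely that the function is only called when the client was already classified as RA_WIN2K, or that `ra_type == RA_WIN2K` test could move into the function so the two call sites cannot drift apart. Since native_lanman is copied out of the session setup request, it is a client-chosen value; a sentence saying that the resulting remote_arch is a compatibility hint and not something to base access decisions on would help later readers.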


@ -396,8 +396,10 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
if ( global_ntlmssp_state ) {
nt_status = auth_ntlmssp_update(global_ntlmssp_state,
auth, &auth_reply);
}
data_blob_free(&auth);
@ -422,6 +424,10 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
DATA_BLOB blob1;
int ret;
size_t bufrem;
fstring native_os, native_lanman;
char *p2;
uint16 data_blob_len = SVAL(inbuf, smb_vwv7);
enum remote_arch_types ra_type = get_remote_arch();
DEBUG(3,("Doing spnego session setup\n"));
@ -431,19 +437,27 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
p = (uint8 *)smb_buf(inbuf);
if (SVAL(inbuf, smb_vwv7) == 0) {
if (data_blob_len == 0) {
/* an invalid request */
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
bufrem = smb_bufrem(inbuf, p);
/* pull the spnego blob */
blob1 = data_blob(p, MIN(bufrem, SVAL(inbuf, smb_vwv7)));
blob1 = data_blob(p, MIN(bufrem, data_blob_len));
#if 0
file_save("negotiate.dat", blob1.data, blob1.length);
#endif
p2 = inbuf + smb_vwv13 + data_blob_len;
p2 += srvstr_pull_buf(inbuf, native_os, p2, sizeof(native_os), STR_TERMINATE);
p2 += srvstr_pull_buf(inbuf, native_lanman, p2, sizeof(native_lanman), STR_TERMINATE);
DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s]\n", native_os, native_lanman));
if ( ra_type == RA_WIN2K )
ra_lanman_string( native_lanman );
if (blob1.data[0] == ASN1_APPLICATION(0)) {
/* its a negTokenTarg packet */
ret = reply_spnego_negotiate(conn, inbuf, outbuf, length, bufsize, blob1);
@ -606,21 +620,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
DEBUG(3,("Domain=[%s] NativeOS=[%s] NativeLanMan=[%s]\n",
domain,native_os,native_lanman));
/*
* we distinguish between 2K and XP by the "Native Lan Manager" string
* WinXP => "Windows 2002 5.1"
* Win2k => "Windows 2000 5.0"
* NT4 => "Windows NT 4.0"
* Win9x => "Windows 4.0"
*/
if ( ra_type == RA_WIN2K ) {
if ( 0 == strcmp( native_lanman, "Windows 2002 5.1" ) )
set_remote_arch( RA_WINXP );
else if ( 0 == strcmp( native_lanman, "Windows .NET 5.2" ) )
set_remote_arch( RA_WIN2K3 );
}
if ( ra_type == RA_WIN2K )
ra_lanman_string( native_lanman );
}
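Review bot: In reply_sesssetup_and_X_spnego() the new `p2 = inbuf + smb_vwv13 + data_blob_len;` uses the client-supplied length from smb_vwv7 unclamped, while the blob copy just above it is limited with `MIN(bufrem, data_blob_len)`. A request whose declared blob length exceeds the bytes actually received would leave p2 pointing beyond the packet data, and the two srvstr_pull_buf() calls then read NativeOS and NativeLanMan from there (how far they can read depends on srvstr_pull_buf, which is not shown here). Rejecting the mismatch right after bufrem is computed, `if (data_blob_len > bufrem) return ERROR_NT(NT_STATUS_LOGON_FAILURE);`, and starting the string pulls at `p2 = (char *)p + blob1.length;` would tie the offset to the validated length instead of a fixed word offset. The function body begins and continues outside the hunks shown.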