2025-01-13 13:18:06 +03:00 · 2008-03-28 13:40:13 +01:00 · 2008-03-28 13:40:13 +01:00 · 33a8e9b537
commit 33a8e9b537
parent bfb001526f
1 changed files with 10 additions and 1 deletions
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@ -748,16 +748,24 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 	struct MD5Context ctx;
 	uint32_t pwd_len;

-	DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+	DATA_BLOB confounded_session_key;

 	int confounder_len = 8;
 	uint8_t confounder[8];

+	*pwd = NULL;
+
+	if (!pwd_buf) {
+		return WERR_BAD_PASSWORD;
+	}
+
 	if (session_key->length != 16) {
 		DEBUG(10,("invalid session key\n"));
 		return WERR_BAD_PASSWORD;
 	}

+	confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+
 	memcpy(&confounder, &pwd_buf->data[0], confounder_len);
 	memcpy(&buffer, &pwd_buf->data[8], 516);

@ -769,6 +777,7 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 	SamOEMhashBlob(buffer, 516, &confounded_session_key);

 	if (!decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE)) {
+		data_blob_free(&confounded_session_key);
 		return WERR_BAD_PASSWORD;
 	}