1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values

This is the check Windows is using, so we won't generate challenges,
which are rejected by Windows DCs (and future Samba DCs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This commit is contained in:
Stefan Metzmacher 2020-09-16 16:15:26 +02:00
parent 74eb448adf
commit 53528c71ff
2 changed files with 23 additions and 1 deletions

View File

@ -33,10 +33,31 @@
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
bool netlogon_creds_is_random_challenge(const struct netr_Credential *challenge)
{
/*
* If none of the first 5 bytes of the client challenge is unique, the
* server MUST fail session-key negotiation without further processing
* of the following steps.
*/
if (challenge->data[1] == challenge->data[0] &&
challenge->data[2] == challenge->data[0] &&
challenge->data[3] == challenge->data[0] &&
challenge->data[4] == challenge->data[0])
{
return false;
}
return true;
}
void netlogon_creds_random_challenge(struct netr_Credential *challenge)
{
ZERO_STRUCTP(challenge);
generate_random_buffer(challenge->data, sizeof(challenge->data));
while (!netlogon_creds_is_random_challenge(challenge)) {
generate_random_buffer(challenge->data, sizeof(challenge->data));
}
}
static NTSTATUS netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,

View File

@ -13,6 +13,7 @@
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */
bool netlogon_creds_is_random_challenge(const struct netr_Credential *challenge);
void netlogon_creds_random_challenge(struct netr_Credential *challenge);
NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds,