mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values
This is the check Windows is using, so we won't generate challenges, which are rejected by Windows DCs (and future Samba DCs). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This commit is contained in:
parent
74eb448adf
commit
53528c71ff
@ -33,10 +33,31 @@
|
||||
#include <gnutls/gnutls.h>
|
||||
#include <gnutls/crypto.h>
|
||||
|
||||
bool netlogon_creds_is_random_challenge(const struct netr_Credential *challenge)
|
||||
{
|
||||
/*
|
||||
* If none of the first 5 bytes of the client challenge is unique, the
|
||||
* server MUST fail session-key negotiation without further processing
|
||||
* of the following steps.
|
||||
*/
|
||||
|
||||
if (challenge->data[1] == challenge->data[0] &&
|
||||
challenge->data[2] == challenge->data[0] &&
|
||||
challenge->data[3] == challenge->data[0] &&
|
||||
challenge->data[4] == challenge->data[0])
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
void netlogon_creds_random_challenge(struct netr_Credential *challenge)
|
||||
{
|
||||
ZERO_STRUCTP(challenge);
|
||||
generate_random_buffer(challenge->data, sizeof(challenge->data));
|
||||
while (!netlogon_creds_is_random_challenge(challenge)) {
|
||||
generate_random_buffer(challenge->data, sizeof(challenge->data));
|
||||
}
|
||||
}
|
||||
|
||||
static NTSTATUS netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
|
||||
|
@ -13,6 +13,7 @@
|
||||
|
||||
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */
|
||||
|
||||
bool netlogon_creds_is_random_challenge(const struct netr_Credential *challenge);
|
||||
void netlogon_creds_random_challenge(struct netr_Credential *challenge);
|
||||
|
||||
NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds,
|
||||
|
Loading…
Reference in New Issue
Block a user