sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code

CVE-2022-37966 auth/credentials: Allow specifying password to cli_credentials_get_aes256_key()

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

[This is 4.15 only]
This commit is contained in:
Joseph Sutton 2022-11-25 11:48:41 +13:00 committed by Stefan Metzmacher
parent eefa553205
commit 590228fd72
2 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
auth/credentials/credentials.h
View File

@ -347,6 +347,7 @@ NTSTATUS netlogon_creds_session_encrypt(
int cli_credentials_get_aes256_key(struct cli_credentials *cred,
TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *password,
const char *salt,
DATA_BLOB *aes_256);

7
auth/credentials/credentials_krb5.c
View File

@ -1462,13 +1462,13 @@ _PUBLIC_ void cli_credentials_set_target_service(struct cli_credentials *cred, c
_PUBLIC_ int cli_credentials_get_aes256_key(struct cli_credentials *cred,
TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *password,
const char *salt,
DATA_BLOB *aes_256)
{
struct smb_krb5_context *smb_krb5_context = NULL;
krb5_error_code krb5_ret;
int ret;
const char *password = NULL;
krb5_data cleartext_data;
krb5_data salt_data;
krb5_keyblock key;
@ -1478,11 +1478,6 @@ _PUBLIC_ int cli_credentials_get_aes256_key(struct cli_credentials *cred,
return EINVAL;
}
password = cli_credentials_get_password(cred);
if (password == NULL) {
return EINVAL;
}
cleartext_data.data = discard_const_p(char, password);
cleartext_data.length = strlen(password);