
CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

[jsutton@samba.org Removed MIT KDC 1.20-specific knownfails]
Joseph Sutton 2022-05-18 16:48:59 +12:00 committed by Jule Anger
parent 705e7ff46d
commit 63d6af6ed7
2 changed files with 2 additions and 1 deletions


@ -548,7 +548,6 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
# Kpasswd tests
#
^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_canonicalize_realm_case.ad_dc
^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_empty.ad_dc
^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_no_canonicalize_realm_case.ad_dc
^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_non_initial.ad_dc
^samba.tests.krb5.kpasswd_tests.samba.tests.krb5.kpasswd_tests.KpasswdTests.test_kpasswd_ticket_lifetime.ad_dc


@ -256,6 +256,7 @@ kdc_code kpasswd_process(struct kdc_server *kdc,
&kpasswd_dec_reply,
&error_string);
if (code != 0) {
ap_rep_blob = data_blob_null;
error_code = code;
goto reply;
}
@ -265,6 +266,7 @@ kdc_code kpasswd_process(struct kdc_server *kdc,
&kpasswd_dec_reply,
&enc_data_blob);
if (!NT_STATUS_IS_OK(status)) {
ap_rep_blob = data_blob_null;
error_code = KRB5_KPASSWD_HARDERROR;
error_string = talloc_asprintf(tmp_ctx,
"gensec_wrap failed - %s\n",