mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug
The initial implementation of gnutls_aead_cipher_decrypt() had a bug and used: *ptext_len = ctext_len; instead of: *ptext_len = ctext_len - tag_size; This got fixed with gnutls 3.5.2. As we only require gnutls 3.4.7 we need to cope with this... BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Feb 2 18:29:08 UTC 2022 on sn-devel-184
This commit is contained in:
parent
99182af4ab
commit
735f3d7dde
@ -1257,6 +1257,21 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
|
|||||||
status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
|
status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
#ifdef HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG
|
||||||
|
/*
|
||||||
|
* Note that gnutls before 3.5.2 had a bug and returned
|
||||||
|
* *ptext_len = ctext_len, instead of
|
||||||
|
* *ptext_len = ctext_len - tag_size
|
||||||
|
*/
|
||||||
|
if (ptext_size != ctext_size) {
|
||||||
|
TALLOC_FREE(ptext);
|
||||||
|
TALLOC_FREE(ctext);
|
||||||
|
rc = GNUTLS_E_SHORT_MEMORY_BUFFER;
|
||||||
|
status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
ptext_size -= tag_size;
|
||||||
|
#endif /* HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG */
|
||||||
if (ptext_size != m_total) {
|
if (ptext_size != m_total) {
|
||||||
TALLOC_FREE(ptext);
|
TALLOC_FREE(ptext);
|
||||||
TALLOC_FREE(ctext);
|
TALLOC_FREE(ctext);
|
||||||
|
@ -44,6 +44,9 @@ if (gnutls_version > parse_version('3.6.10')):
|
|||||||
if (gnutls_version > parse_version('3.6.14')):
|
if (gnutls_version > parse_version('3.6.14')):
|
||||||
conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM', 1)
|
conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM', 1)
|
||||||
|
|
||||||
|
if (gnutls_version < parse_version('3.5.2')):
|
||||||
|
conf.DEFINE('HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG', 1)
|
||||||
|
|
||||||
# Check if gnutls has fips mode support
|
# Check if gnutls has fips mode support
|
||||||
# gnutls_fips140_mode_enabled() is available since 3.3.0
|
# gnutls_fips140_mode_enabled() is available since 3.3.0
|
||||||
fragment = '''
|
fragment = '''
|
||||||
|
Loading…
Reference in New Issue
Block a user