r5877: It is not an error to have a zero-length secret, after decryption.

Andrew Bartlett

source/libcli/auth/session.c

@@ -178,6 +178,8 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT
 	int slen;
 
 	if (blob->length < 8) {
+		DEBUG(0, ("Unexpected length %d in session crypted secret (BLOB)\n",
+			  blob->length));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 	
@@ -189,19 +191,19 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT
 	sess_crypt_blob(&out, blob, session_key, False);
 
 	if (IVAL(out.data, 4) != 1) {
-		DEBUG(0,("Unexpected revision number %d in session crypted string\n",
+		DEBUG(0,("Unexpected revision number %d in session crypted secret (BLOB)\n",
 			 IVAL(out.data, 4)));
 		return NT_STATUS_UNKNOWN_REVISION;
 	}
 		
 	slen = IVAL(out.data, 0);
 	if (slen > blob->length - 8) {
-		DEBUG(0,("Invalid crypt length %d\n", slen));
+		DEBUG(0,("Invalid crypt length %d in session crypted secret (BLOB)\n", slen));
 		return NT_STATUS_WRONG_PASSWORD;
 	}
 
 	*ret = data_blob_talloc(mem_ctx, out.data+8, slen);
-	if (!ret->data) {
+	if (slen && !ret->data) {
 		return NT_STATUS_NO_MEMORY;
 	}