sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

Remove unused parameter from decode_pw_buffer and fail on invalid

Browse Source 
UTF-16 input

The input checking is important, as otherwise we could set the wrong
password.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2008-09-22 17:50:43 -07:00
parent aaa45c8325
commit c39d1b829b
3 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
source4/libcli/auth/smbencrypt.c
View File

@ -497,10 +497,10 @@ bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flag
returned password including termination.
************************************************************/
bool decode_pw_buffer(uint8_t in_buffer[516], char *new_pwrd,
int new_pwrd_size, uint32_t *new_pw_len,
int string_flags)
int new_pwrd_size, int string_flags)
{
int byte_len=0;
ssize_t converted_pw_len;
/* the incoming buffer can be any alignment. */
string_flags |= STR_NOALIGN;
@ -526,13 +526,17 @@ bool decode_pw_buffer(uint8_t in_buffer[516], char *new_pwrd,
}
/* decode into the return buffer. Buffer length supplied */
*new_pw_len = pull_string(lp_iconv_convenience(global_loadparm), new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size,
converted_pw_len = pull_string(lp_iconv_convenience(global_loadparm), new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size,
byte_len, string_flags);
if (converted_pw_len == -1) {
return false;
}
#ifdef DEBUG_PASSWORD
DEBUG(100,("decode_pw_buffer: new_pwrd: "));
dump_data(100, (const uint8_t *)new_pwrd, *new_pw_len);
DEBUG(100,("multibyte len:%d\n", *new_pw_len));
dump_data(100, (const uint8_t *)new_pwrd, converted_pw_len);
DEBUG(100,("multibyte len:%d\n", converted_pw_len));
DEBUG(100,("original char len:%d\n", byte_len/2));
#endif

3
source4/rpc_server/netlogon/dcerpc_netlogon.c
View File

@ -337,7 +337,6 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
struct ldb_context *sam_ctx;
NTSTATUS nt_status;
char new_pass[512];
uint32_t new_pass_len;
bool ret;
struct samr_CryptPassword password_buf;
@ -358,7 +357,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
creds_arcfour_crypt(creds, password_buf.data, 516);
ret = decode_pw_buffer(password_buf.data, new_pass, sizeof(new_pass),
&new_pass_len, STR_UNICODE);
STR_UNICODE);
if (!ret) {
DEBUG(3,("netr_ServerPasswordSet2: failed to decode password buffer\n"));
return NT_STATUS_ACCESS_DENIED;

10
source4/rpc_server/samr/samr_password.c
View File

@ -243,7 +243,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
data_blob_free(&lm_pwd_blob);
if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
&new_pass_len, STR_ASCII)) {
STR_ASCII)) {
ldb_transaction_cancel(sam_ctx);
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
@ -321,7 +321,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
{
NTSTATUS status;
char new_pass[512];
uint32_t new_pass_len;
struct ldb_context *sam_ctx = NULL;
struct ldb_dn *user_dn;
int ret;
@ -386,7 +385,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
data_blob_free(&nt_pwd_blob);
if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass),
&new_pass_len, STR_UNICODE)) {
STR_UNICODE)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
status = NT_STATUS_WRONG_PASSWORD;
goto failed;
@ -519,7 +518,6 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
{
NTSTATUS nt_status;
char new_pass[512];
uint32_t new_pass_len;
DATA_BLOB session_key = data_blob(NULL, 0);
nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
@ -530,7 +528,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
arcfour_crypt_blob(pwbuf->data, 516, &session_key);
if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
&new_pass_len, STR_UNICODE)) {
STR_UNICODE)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
}
@ -583,7 +581,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
&new_pass_len, STR_UNICODE)) {
STR_UNICODE)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
}