mirror of
https://github.com/samba-team/samba.git
synced 2025-11-22 16:23:49 +03:00
r12919: Ensure we never 'extend' the session key length, or fill in past the
length of the (possibly null) pointer. In reality this should come to us either 16 or 0 bytes in length, but this is the safest test. This is bug 3401 in Samba3, thanks to Yau Lam Yiu <yiuext at cs.ust.hk> Andrew Bartlett
This commit is contained in:
Andrew Bartlett
committed by
Gerald (Jerry) Carter
Gerald (Jerry) Carter
parent
e13cb0ab17
commit
f3aa702944
@@ -279,11 +279,15 @@ void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
|
||||
|
||||
void ntlmssp_weaken_keys(struct gensec_ntlmssp_state *gensec_ntlmssp_state)
|
||||
{
|
||||
/* Nothing to weaken. We certainly don't want to 'extend' the length... */
|
||||
if (!gensec_ntlmssp_state->session_key.length < 8) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* Key weakening not performed on the master key for NTLM2
|
||||
and does not occour for NTLM1. Therefore we only need
|
||||
to do this for the LM_KEY.
|
||||
*/
|
||||
|
||||
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
|
||||
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
|
||||
|
||||
|
||||
Reference in New Issue
Block a user