sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-11-28 12:23:49 +03:00
Code Activity

r12919: Ensure we never 'extend' the session key length, or fill in past the

Browse Source 
length of the (possibly null) pointer.

In reality this should come to us either 16 or 0 bytes in length, but
this is the safest test.

This is bug 3401 in Samba3, thanks to Yau Lam Yiu <yiuext at cs.ust.hk>

Andrew Bartlett
This commit is contained in:
Andrew Bartlett
2006-01-13 23:08:20 +00:00
committed by Gerald (Jerry) Carter
parent e13cb0ab17
commit f3aa702944
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
source/auth/ntlmssp/ntlmssp.c
View File

@@ -279,11 +279,15 @@ void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
void ntlmssp_weaken_keys(struct gensec_ntlmssp_state *gensec_ntlmssp_state) void ntlmssp_weaken_keys(struct gensec_ntlmssp_state *gensec_ntlmssp_state)
{ {
/* Nothing to weaken. We certainly don't want to 'extend' the length... */
if (!gensec_ntlmssp_state->session_key.length < 8) {
return;
}
/* Key weakening not performed on the master key for NTLM2 /* Key weakening not performed on the master key for NTLM2
and does not occour for NTLM1. Therefore we only need and does not occour for NTLM1. Therefore we only need
to do this for the LM_KEY. to do this for the LM_KEY.
*/ */
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) { if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {