sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
dd42681fe9
samba-mirror/source4/auth/ntlm
History
Gary Lockyer 4e624478dc s4 auth ntlm: Fix integer overflow in authsam_password_check_and_record 
Fix a ubsan detected integer overflow.
../../source4/auth/ntlm/auth_sam.c:445:56: runtime error:
     signed integer overflow: 60 * 600000000
     cannot be represented in type 'int'

In practice this meant that the default for the smb.conf parameter
"old password allowed period" was approximately 16 seconds, rather than
the intended 60 minutes. Similarly the value used would be 22.5 times
less than the value specified in smd.conf.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 13 23:52:38 UTC 2021 on sn-devel-184
2021-01-13 23:52:38 +00:00
..
auth_anonymous.c auth: Use DBGC_AUTH as DBGC_CLASS for AD DC NTLM auth code. 2018-05-21 23:48:18 +02:00
auth_developer.c lib/util: remove extra safe_string.h file 2020-08-28 02:18:40 +00:00
auth_sam.c s4 auth ntlm: Fix integer overflow in authsam_password_check_and_record 2021-01-13 23:52:38 +00:00
auth_server_service.c auth: Use DBGC_AUTH as DBGC_CLASS for AD DC NTLM auth code. 2018-05-21 23:48:18 +02:00
auth_simple.c auth auth_log: csbuild unused parm unix_username 2019-06-13 07:16:22 +00:00
auth_unix.c auth: Use DBGC_AUTH as DBGC_CLASS for AD DC NTLM auth code. 2018-05-21 23:48:18 +02:00
auth_util.c smbdes: convert E_P24() and SMBOWFencrypt to use gnutls 2019-12-10 00:30:30 +00:00
auth_winbind.c winbind: Generate and pass logon ID 2019-02-20 06:03:09 +01:00
auth.c auth: Fix a typo 2021-01-08 20:31:33 +00:00
wscript_build build: add missing crypt dependency for auth4_unix 2019-11-19 04:47:47 +00:00