svn commit: samba r12919 - in branches/SAMBA_4_0/source/auth/ntlmssp: .
abartlet at samba.org
Fri Jan 13 23:08:20 GMT 2006
Author: abartlet
Date: 2006-01-13 23:08:20 +0000 (Fri, 13 Jan 2006)
New Revision: 12919
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12919
Log:
Ensure we never 'extend' the session key length, or fill in past the
length of the (possibly null) pointer.
In reality this should come to us either 16 or 0 bytes in length, but
this is the safest test.
This is bug 3401 in Samba3, thanks to Yau Lam Yiu <yiuext at cs.ust.hk>
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c
Changeset:
Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c
===================================================================
--- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c 2006-01-13 22:55:23 UTC (rev 12918)
+++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c 2006-01-13 23:08:20 UTC (rev 12919)
@@ -279,11 +279,15 @@
void ntlmssp_weaken_keys(struct gensec_ntlmssp_state *gensec_ntlmssp_state)
{
+ /* Nothing to weaken. We certainly don't want to 'extend' the length... */
+ if (!gensec_ntlmssp_state->session_key.length < 8) {
+ return;
+ }
+
/* Key weakening not performed on the master key for NTLM2
and does not occour for NTLM1. Therefore we only need
to do this for the LM_KEY.
*/
-
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
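Review bot: The new guard at the top of ntlmssp_weaken_keys, `if (!gensec_ntlmssp_state->session_key.length < 8)`, parses as `(!length) < 8`. Since `!length` is only ever 0 or 1, the condition is always true and the function returns before it reaches the NTLMSSP_NEGOTIATE_LM_KEY branch, so no key is ever weakened. Drop the `!` so the test reads `if (gensec_ntlmssp_state->session_key.length < 8)`, which matches the comment above it and the log message's intent of leaving a short or empty (possibly NULL) session key untouched. Compilers that warn on a logical-not applied to the left operand of a comparison would flag this line.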