svn commit: samba r12919 - in branches/SAMBA_4_0/source/auth/ntlmssp: .

abartlet at samba.org abartlet at samba.org
Fri Jan 13 23:08:20 GMT 2006


Author: abartlet
Date: 2006-01-13 23:08:20 +0000 (Fri, 13 Jan 2006)
New Revision: 12919

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12919

Log:
Ensure we never 'extend' the session key length, or fill in past the
length of the (possibly null) pointer.

In reality this should come to us either 16 or 0 bytes in length, but
this is the safest test.

This is bug 3401 in Samba3, thanks to Yau Lam Yiu <yiuext at cs.ust.hk>

Andrew Bartlett


Modified:
   branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c
===================================================================
--- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c	2006-01-13 22:55:23 UTC (rev 12918)
+++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c	2006-01-13 23:08:20 UTC (rev 12919)
@@ -279,11 +279,15 @@
 
 void ntlmssp_weaken_keys(struct gensec_ntlmssp_state *gensec_ntlmssp_state) 
 {
+	/* Nothing to weaken.  We certainly don't want to 'extend' the length... */
+	if (!gensec_ntlmssp_state->session_key.length < 8) {
+		return;
+	}
+
 	/* Key weakening not performed on the master key for NTLM2
 	   and does not occour for NTLM1.  Therefore we only need
 	   to do this for the LM_KEY.  
 	*/
-
 	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
 		if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
 			
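Review bot: the new guard at the top of ntlmssp_weaken_keys(), `if (!gensec_ntlmssp_state->session_key.length < 8)`, does not test the length. Unary `!` binds tighter than `<`, so it parses as `(!length) < 8`. `!length` is either 0 or 1, so the condition is always true and the function returns before it reaches the `NTLMSSP_NEGOTIATE_LM_KEY` branch, which means no weakening is applied for any key length, including the 16-byte case the log message expects. Drop the `!` so the check reads `if (gensec_ntlmssp_state->session_key.length < 8)`. That matches the stated intent of never extending a short key or writing past a zero-length (possibly NULL) one.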


