[SCM] Samba Shared Repository - branch master updated

Tue Jan 24 19:13:01 MST 2012

The branch, master has been updated
       via  9e6675e s3: improve the code in the AES encryption.
       via  fb235a3 s3: Fix bug #8674.
      from  4444612 s4-torture: For authenticated users, add AUTHENTICATED USERS sid

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9e6675e8d04f503bec0d620654f86e18149fcf88
Author: Matthieu Patou <mat at matws.net>
Date:   Tue Jan 24 14:48:31 2012 -0800

    s3: improve the code in the AES encryption.
    
    Remove looping replace them by memcpy.
    
    Fix bug #8674 (Buffer overflow in vfs_smb_traffic_analyzer).
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Wed Jan 25 03:12:14 CET 2012 on sn-devel-104

commit fb235a3be6372e40ff7f7ebbcd7905a08cb04444
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jan 24 14:41:30 2012 -0800

    s3: Fix bug #8674.
    
    Buffer overflow issue with AES encryption in samba traffic analyzer.

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_smb_traffic_analyzer.c |   19 +++++++++----------
 1 files changed, 9 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index 4d1ffbd..025fbbd 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -169,28 +169,27 @@ struct refcounted_sock {
 static char *smb_traffic_analyzer_encrypt( TALLOC_CTX *ctx,
 	const char *akey, const char *str, size_t *len)
 {
-	int s1,s2,h,d;
+	int s1,s2,h;
 	AES_KEY key;
 	unsigned char filler[17]= "................";
 	char *output;
-	unsigned char crypted[18];
 	if (akey == NULL) return NULL;
 	samba_AES_set_encrypt_key((const unsigned char *) akey, 128, &key);
 	s1 = strlen(str) / 16;
 	s2 = strlen(str) % 16;
-	for (h = 0; h < s2; h++) *(filler+h)=*(str+(s1*16)+h);
+	memcpy(filler, str + (s1*16), s2);
 	DEBUG(10, ("smb_traffic_analyzer_send_data_socket: created %s"
 		" as filling block.\n", filler));
-	output = talloc_array(ctx, char, (s1*16)+17 );
-	d=0;
+
+	*len = ((s1 + 1)*16);
+	output = talloc_array(ctx, char, *len);
 	for (h = 0; h < s1; h++) {
-		samba_AES_encrypt((const unsigned char *) str+(16*h), crypted, &key);
-		for (d = 0; d<16; d++) output[d+(16*h)]=crypted[d];
+		samba_AES_encrypt((unsigned char *) str+(16*h), output+16*h,
+			&key);
 	}
-	samba_AES_encrypt( (const unsigned char *) str+(16*h), filler, &key );
-	for (d = 0;d < 16; d++) output[d+(16*h)]=*(filler+d);
+	samba_AES_encrypt(filler, (const unsigned char *)(output+(16*h)), &key);
 	*len = (s1*16)+16;
-	return output;	
+	return output;
 }
 
 /**


-- 
Samba Shared Repository
