possible bug in chgpasswd.c/smbdes.c

Simo Sorce idra at samba.org
Thu Jul 19 10:23:37 GMT 2001

It seems that the check_oem_password function in smbd/chgpasswd.c calls the SamOEMhash function in libsmb/smbdes.c with a val of 516, and this may be a bug in either check_oem_password or SamOEMhash.
The last for cycle in SamOEMhash increments ind and index_i from 0 to 516, but
s_box[] indexed by index_i is only 256 chars long.
So I think index_i goes out of buffer boundaries at half the for cycle, and
we also modify that region.
This function seems to be called only when syncing unix passwords when changing password.
Can anyone confirm it?
Or have I missed something?

Simo Sorce       idra at samba.org
Samba Team http://www.samba.org
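
Added example, not part of the original message and not Samba's code: a generic RC4-style loop over a 256-byte S-box run for 516 bytes, showing that whether the index leaves the table depends on the declared type of the index, which the post does not quote. The function names, the sample key and the use of standard RC4 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SBOX_LEN 256   /* size of s_box[] named in the post */
#define DATA_LEN 516   /* the val the post says is passed in */

/* RC4 with 8-bit indices: i and j wrap modulo 256, so every s[] access
 * stays inside the table. Returns the largest value i reached. */
int rc4_u8_index(uint8_t *data, size_t len, const uint8_t *key, size_t klen)
{
    uint8_t s[SBOX_LEN], i = 0, j = 0, t;
    int max_i = 0;

    for (int k = 0; k < SBOX_LEN; k++) s[k] = (uint8_t)k;
    for (int k = 0; k < SBOX_LEN; k++) {          /* key schedule */
        j = (uint8_t)(j + s[k] + key[k % klen]);
        t = s[k]; s[k] = s[j]; s[j] = t;
    }
    j = 0;
    for (size_t n = 0; n < len; n++) {            /* keystream loop */
        i = (uint8_t)(i + 1);
        j = (uint8_t)(j + s[i]);
        t = s[i]; s[i] = s[j]; s[j] = t;
        data[n] ^= s[(uint8_t)(s[i] + s[j])];
        if (i > max_i) max_i = i;
    }
    return max_i;
}

/* The same counter held in an int: counts the iterations on which s[i]
 * would fall outside the table. Nothing is dereferenced here. */
int oob_iterations_int_index(size_t len)
{
    int i = 0, oob = 0;
    for (size_t n = 0; n < len; n++)
        if (++i >= SBOX_LEN) oob++;
    return oob;
}

int main(void)
{
    uint8_t buf[DATA_LEN] = {0};
    const uint8_t key[16] = "constructed-key";   /* constructed sample key */
    printf("8-bit index: max i = %d\n", rc4_u8_index(buf, DATA_LEN, key, 16));
    printf("int index:   %d out-of-bounds iterations\n", oob_iterations_int_index(DATA_LEN));
    return 0;
}
```

When reviewing a loop like this, check the declaration of the index variable first; compiling with `-fsanitize=address` and running the 516-byte path is a quick way to confirm the result.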
