bug in ntlmssp code
Luke Kenneth Casson Leighton
lkcl at samba-tng.org
Wed Sep 5 18:22:53 GMT 2001
On Tue, Sep 04, 2001 at 12:34:39PM -0700, Jeremy Allison wrote:
> Luke Kenneth Casson Leighton wrote:
> > the server-side ntlmssp api increments ntlmssp_seq_num
> > twice. this obviously isn't very good, but it gets
> > away with the first packet-exchange because the sequence
> > number is correct - once and only once.
> > that's enough for one password change, btw, which is
> > what ntlmssp _mostly_ gets used for :)
> > so it's a bug, but not an issue - for now.
> Thanks for the heads-up, I'll take a look at this one !
btw, i'm doing an ntsecapi, i'm moving all of cli_pipe_ntlmssp.c
and srv_pipe_ntlmssp.c into a library (libntsecapi).
which is why i am finding bugs :)
the latest one is that someone changed the semantics of
prs_create from a use-the-data-and-size params to
*copy* the data of size length. see prs_create() in
srv_pipe_ntlmssp.c i've just fixed it...