bug in ntlmssp code

Luke Kenneth Casson Leighton lkcl at samba-tng.org
Wed Sep 5 18:22:53 GMT 2001

On Tue, Sep 04, 2001 at 12:34:39PM -0700, Jeremy Allison wrote:
> Luke Kenneth Casson Leighton wrote:
> > 
> > the server-side ntlmssp api increments  ntlmssp_seq_num
> > twice.  this obviously isn't very good, but it gets
> > away with the first packet-exchange because the sequence
> > number is correct - once and only once.
> > 
> > that's enough for one password change, btw, which is
> > what ntlmssp _mostly_ gets used for :)
> > 
> > so it's a bug, but not an issue - for now.
> Thanks for the heads-up, I'll take a look at this one !

ack! :)

btw, i'm doing an ntsecapi, i'm moving all of cli_pipe_ntlmssp.c
and srv_pipe_ntlmssp.c into a library (libntsecapi).

which is why i am finding bugs :)

the latest one is that someone changed the semantics of
prs_create from a use-the-data-and-size params to
*copy* the data of size length.  see prs_create() in
srv_pipe_ntlmssp.c  i've just fixed it...

*sigh* :)
