diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-09-13 21:14:05 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-09-15 12:12:26 +0200 |
commit | a1e2affd0fed1efba7f4b892e7b9abfa01abc2c8 (patch) | |
tree | 993de33fda49555f2afad61103a60cd8546a4b32 | |
parent | 4a79d213c25c3708bbdb905ebc1e677ba50fe154 (diff) | |
download | samba-a1e2affd0fed1efba7f4b892e7b9abfa01abc2c8.tar.gz samba-a1e2affd0fed1efba7f4b892e7b9abfa01abc2c8.tar.bz2 samba-a1e2affd0fed1efba7f4b892e7b9abfa01abc2c8.zip |
s3:libsmb: remove the guid from the cli->secblob in spnego mode
metze
-rw-r--r-- | source3/libsmb/cliconnect.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 77d122cf9c..315c2ac742 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1785,7 +1785,7 @@ static ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length)); /* the server might not even do spnego */ - if (cli->secblob.length <= 16) { + if (cli->secblob.length == 0) { DEBUG(3,("server didn't supply a full spnego negprot\n")); goto ntlmssp; } @@ -1794,8 +1794,7 @@ static ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, file_save("negprot.dat", cli->secblob.data, cli->secblob.length); #endif - /* there is 16 bytes of GUID before the real spnego packet starts */ - blob = data_blob(cli->secblob.data+16, cli->secblob.length-16); + blob = data_blob(cli->secblob.data, cli->secblob.length); /* The server sent us the first part of the SPNEGO exchange in the * negprot reply. It is WRONG to depend on the principal sent in the @@ -2688,7 +2687,12 @@ static void cli_negprot_done(struct tevent_req *subreq) server_lockread = true; } if (server_capabilities & CAP_EXTENDED_SECURITY) { - cli->secblob = data_blob(bytes, num_bytes); + if (num_bytes < 16) { + tevent_req_nterror(req, + NT_STATUS_INVALID_NETWORK_RESPONSE); + return; + } + cli->secblob = data_blob(bytes+16, num_bytes-16); } else { cli->secblob = data_blob(bytes, MIN(num_bytes, 8)); /* work out if they sent us a workgroup */ |