summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-04-20 05:19:48 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-04-20 05:19:48 +1000
commit0c771bfc70fecf25fbb4aa090bfdd14811b1f3bb (patch)
tree59d517ea356020c7b546d2fef2053ff7e7d70c6d
parent34193cffc0900d8563822a9524f87b76d93ee80e (diff)
downloadsamba-0c771bfc70fecf25fbb4aa090bfdd14811b1f3bb.tar.gz
samba-0c771bfc70fecf25fbb4aa090bfdd14811b1f3bb.tar.bz2
samba-0c771bfc70fecf25fbb4aa090bfdd14811b1f3bb.zip
s3:ntlmssp Fix segfault: msrpc_gen now uses talloc()
-rw-r--r--source3/libsmb/ntlmssp.c54
1 files changed, 8 insertions, 46 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index a1672af068..06c8c3f416 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -644,9 +644,6 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
uchar session_nonce_hash[16];
const char *parse_string;
- char *domain = NULL;
- char *user = NULL;
- char *workstation = NULL;
/* parse the NTLMSSP packet */
*reply = data_blob_null;
@@ -669,20 +666,16 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->workstation = NULL;
/* now the NTLMSSP encoded auth hashes */
- if (!msrpc_parse(NULL, &request, parse_string,
+ if (!msrpc_parse(ntlmssp_state, &request, parse_string,
"NTLMSSP",
&ntlmssp_command,
&ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp,
- &domain,
- &user,
- &workstation,
+ &ntlmssp_state->domain,
+ &ntlmssp_state->user,
+ &ntlmssp_state->workstation,
&encrypted_session_key,
&auth_flags)) {
- SAFE_FREE(domain);
- SAFE_FREE(user);
- SAFE_FREE(workstation);
- data_blob_free(&encrypted_session_key);
auth_flags = 0;
/* Try again with a shorter string (Win9X truncates this packet) */
@@ -693,19 +686,16 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
}
/* now the NTLMSSP encoded auth hashes */
- if (!msrpc_parse(NULL, &request, parse_string,
+ if (!msrpc_parse(ntlmssp_state, &request, parse_string,
"NTLMSSP",
&ntlmssp_command,
&ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp,
- &domain,
- &user,
- &workstation)) {
+ &ntlmssp_state->domain,
+ &ntlmssp_state->user,
+ &ntlmssp_state->workstation)) {
DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP (tried both formats):\n"));
dump_data(2, request.data, request.length);
- SAFE_FREE(domain);
- SAFE_FREE(user);
- SAFE_FREE(workstation);
return NT_STATUS_INVALID_PARAMETER;
}
@@ -714,34 +704,6 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
if (auth_flags)
ntlmssp_handle_neg_flags(ntlmssp_state, auth_flags, lp_lanman_auth());
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
- SAFE_FREE(domain);
- SAFE_FREE(user);
- SAFE_FREE(workstation);
- data_blob_free(&encrypted_session_key);
- return nt_status;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
- SAFE_FREE(domain);
- SAFE_FREE(user);
- SAFE_FREE(workstation);
- data_blob_free(&encrypted_session_key);
- return nt_status;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_workstation(ntlmssp_state, workstation))) {
- SAFE_FREE(domain);
- SAFE_FREE(user);
- SAFE_FREE(workstation);
- data_blob_free(&encrypted_session_key);
- return nt_status;
- }
-
- SAFE_FREE(domain);
- SAFE_FREE(user);
- SAFE_FREE(workstation);
-
DEBUG(3,("Got user=[%s] domain=[%s] workstation=[%s] len1=%lu len2=%lu\n",
ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->workstation, (unsigned long)ntlmssp_state->lm_resp.length, (unsigned long)ntlmssp_state->nt_resp.length));