authorAndrew Tridgell <tridge@samba.org>2003-11-26 02:08:41 +0000
committerAndrew Tridgell <tridge@samba.org>2003-11-26 02:08:41 +0000
commitc123c8454142d17d2884ae9dd951b7f2a0b1a343 (patch)
tree6de49a1ff7dd9460fd2d20ac74f8b8e9ecd5dcb1
parente0ac659917066dbf7f8fdbcc7684ce2b49dd04d9 (diff)
fixed some memory leaks in the dcerpc use of ntlmssp signing
(This used to be commit abbc9993b8f7eb9f57e079db1d0b170d0b9aa443)
-rw-r--r--source4/lib/data_blob.c5
-rw-r--r--source4/libcli/auth/ntlmssp_sign.c8
-rw-r--r--source4/librpc/rpc/dcerpc.c5
-rw-r--r--source4/librpc/rpc/dcerpc_auth.c26
-rw-r--r--source4/param/loadparm.c2
5 files changed, 36 insertions, 10 deletions
diff --git a/source4/lib/data_blob.c b/source4/lib/data_blob.c
index d51cffbca4..933617e9ee 100644
--- a/source4/lib/data_blob.c
+++ b/source4/lib/data_blob.c
@@ -73,6 +73,7 @@ DATA_BLOB data_blob_talloc(TALLOC_CTX *mem_ctx, const void *p, size_t length)
}
ret.length = length;
memset(ret.data, 0, ret.length);
+ ret.free = NULL;
return ret;
}
@@ -91,8 +92,6 @@ free a data blob
*******************************************************************/
void data_blob_free(DATA_BLOB *d)
{
- return;
-
if (d) {
if (d->free) {
(d->free)(d);
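Review bot: With the early `return;` removed, `(d->free)(d)` is live for every caller, so a DATA_BLOB whose `free` member was never initialised now has an indeterminate function pointer called through it. This commit sets `ret.free = NULL` in data_blob_talloc, but other places that build or copy a DATA_BLOB are not visible here and need the same guarantee. The header comment only says "free a data blob"; I would state the contract there, for example `d->free must be NULL or a valid release callback, and a blob copied by value must be freed through one copy only`. The body of data_blob_free continues past the end of this hunk.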
@@ -124,7 +123,7 @@ void data_blob_clear_free(DATA_BLOB *d)
/*******************************************************************
check if two data blobs are equal
*******************************************************************/
-BOOL data_blob_equal(DATA_BLOB *d1, DATA_BLOB *d2)
+BOOL data_blob_equal(const DATA_BLOB *d1, const DATA_BLOB *d2)
{
if (d1->length != d2->length) {
return False;
diff --git a/source4/libcli/auth/ntlmssp_sign.c b/source4/libcli/auth/ntlmssp_sign.c
index 11d63ec5f3..2f510b0f98 100644
--- a/source4/libcli/auth/ntlmssp_sign.c
+++ b/source4/libcli/auth/ntlmssp_sign.c
@@ -180,8 +180,10 @@ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
return nt_status;
}
-
- if (memcmp(sig->data+sig->length - 8, local_sig.data+local_sig.length - 8, 8) != 0) {
+
+ if (local_sig.length != sig->length ||
+ memcmp(local_sig.data + local_sig.length - 8,
+ sig->data + sig->length - 8, 8) != 0) {
DEBUG(5, ("BAD SIG: wanted signature of\n"));
dump_data(5, (const char *)local_sig.data, local_sig.length);
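Review bot: The new condition requires the two lengths to be equal but sets no lower bound, so if both are below 8 the expressions `local_sig.data + local_sig.length - 8` and `sig->data + sig->length - 8` point before their buffers and memcmp reads out of bounds. Whether local_sig can ever be that short is not visible in this hunk, but `sig` comes from the peer, so an explicit first term `local_sig.length < 8 ||` makes the check self-contained. memcmp also returns at the first differing byte, and a constant-time comparison is the usual choice when verifying a signature. ntlmssp_check_packet starts and ends outside this hunk.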
@@ -192,6 +194,8 @@ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
return NT_STATUS_ACCESS_DENIED;
}
+ data_blob_free(&local_sig);
+
/* increment counter on recieive */
ntlmssp_state->ntlmssp_seq_num++;
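Review bot: The added `data_blob_free(&local_sig);` only runs after a successful compare; the mismatch branch ending in `return NT_STATUS_ACCESS_DENIED;` directly above still appears to return with local_sig unreleased. Rejected packets are the case a remote peer controls, so that is the path where a per-packet leak matters most. I would add `data_blob_free(&local_sig);` immediately before that return. The branch begins in the previous hunk and a few lines between the two hunks are not shown, so confirm nothing there already frees it.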
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index bf5da4edb4..83fb0b592c 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -53,6 +53,9 @@ void dcerpc_pipe_close(struct dcerpc_pipe *p)
if (!p) return;
p->reference_count--;
if (p->reference_count <= 0) {
+ if (p->ntlmssp_state) {
+ ntlmssp_end(&p->ntlmssp_state);
+ }
p->transport.shutdown_pipe(p);
talloc_destroy(p->mem_ctx);
}
@@ -238,6 +241,8 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p,
SSVAL(blob->data, 8, blob->length);
SSVAL(blob->data, 10, p->auth_info->credentials.length);
+ data_blob_free(&p->auth_info->credentials);
+
return NT_STATUS_OK;
}
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index 32fdcb0b86..103a3c70d8 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -34,6 +34,7 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
NTSTATUS status;
struct ntlmssp_state *state;
TALLOC_CTX *mem_ctx;
+ DATA_BLOB credentials;
mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
if (!mem_ctx) {
@@ -76,27 +77,44 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
status = ntlmssp_update(state,
p->auth_info->credentials,
- &p->auth_info->credentials);
+ &credentials);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
goto done;
}
+
+ p->auth_info->credentials = data_blob_talloc(mem_ctx,
+ credentials.data,
+ credentials.length);
+ data_blob_free(&credentials);
+
status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
+
status = ntlmssp_update(state,
p->auth_info->credentials,
- &p->auth_info->credentials);
+ &credentials);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
goto done;
}
+ p->auth_info->credentials = data_blob_talloc(mem_ctx,
+ credentials.data,
+ credentials.length);
+ data_blob_free(&credentials);
+
status = dcerpc_auth3(p, mem_ctx);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
p->ntlmssp_state = state;
- p->auth_info->credentials = data_blob(NULL, 0);
- ntlmssp_sign_init(state);
+ /* setup for signing */
+ status = ntlmssp_sign_init(state);
done:
talloc_destroy(mem_ctx);
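Review bot: `p->auth_info->credentials` is now assigned from `data_blob_talloc(mem_ctx, ...)`, and `mem_ctx` is destroyed at `done:`, while this hunk also drops the old `p->auth_info->credentials = data_blob(NULL, 0);` reset. If auth_info outlives this function (its allocation is not visible here), the pipe is left holding a pointer into freed memory on both the success and `goto done` paths, and dcerpc.c in this same commit later calls `data_blob_free(&p->auth_info->credentials)`. I would restore the reset just before the destroy, `p->auth_info->credentials = data_blob(NULL, 0);` placed after the `done:` label. Separately, the local `credentials` is declared uninitialised in the previous hunk and is not released on the early `goto done` exits if ntlmssp_update filled it before returning a failure status; the results of data_blob_talloc are also used unchecked.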
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 9aceaaa12a..6ec4842c6d 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -3801,7 +3801,7 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults,
bRetval = False;
- DEBUG(0, ("lp_load: refreshing parameters from %s\n", pszFname));
+ DEBUG(2, ("lp_load: refreshing parameters from %s\n", pszFname));
bInGlobalSection = True;
bGlobalOnly = global_only;