authorAndrew Tridgell <tridge@samba.org>1997-10-15 04:51:23 +0000
committerAndrew Tridgell <tridge@samba.org>1997-10-15 04:51:23 +0000
commitbe73ce8321d5714fcd74f71ed9f6532ca4e1090b (patch)
tree1d04933abcc8b61a7c26bda615342d1963abed06
parent91e56c7b7b5b1a72dc00b468204c007820d3460e (diff)
fixed a stack overflow bug in api_lsa_req_chal()
changed the order of arguments to smbhash() in credentials.c. Luke, when you changed from E1() to smbhash() you didn't notice that the arguments are in a different order. This is why your new code was failing. NT logon still fails, but now gets to SAMLOGON. It shouldn't take much to get it working now. (This used to be commit 708edc348f0fb81d9c918e4bf857f339a13a3781)
-rw-r--r--source3/libsmb/credentials.c8
-rw-r--r--source3/pipenetlog.c2
2 files changed, 5 insertions, 5 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 07816bc0cf..babc8180f2 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -44,8 +44,8 @@ void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
SIVAL(sum2,0,sum[0]);
SIVAL(sum2,4,sum[1]);
- smbhash(pass , sum2, buf);
- smbhash(pass+9, buf , netsesskey);
+ smbhash(buf, sum2, pass);
+ smbhash(netsesskey, buf, pass+9);
session_key[0] = IVAL(netsesskey, 0);
session_key[1] = IVAL(netsesskey, 4);
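Review bot: Nothing at these call sites records that smbhash() takes its arguments as (out, in, key), and because all three are plain byte pointers the compiler cannot catch the kind of swap this commit corrects. A comment above the first call, such as `/* smbhash(out, in, key): 8-byte block in, 7-byte key */`, would help, and the same applies to the two calls in cred_create in the next hunk. `pass+9` reads bytes 9..15 of pass, so cred_session_key presumably requires a 16-byte hash. That precondition is not stated in the visible lines and is worth a comment at the function head, which lies outside the hunk.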
@@ -86,10 +86,10 @@ void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp,
SIVAL(timecred, 0, IVAL(stor_cred, 0) + timestamp.time);
SIVAL(timecred, 4, IVAL(stor_cred, 4));
- smbhash(netsesskey, timecred, buf);
+ smbhash(buf, timecred, netsesskey);
memset(key2, 0, 7);
key2[0] = netsesskey[7];
- smbhash(key2, buf, calc_cred);
+ smbhash(calc_cred, buf, key2);
cred->data[0] = IVAL(calc_cred, 0);
cred->data[1] = IVAL(calc_cred, 4);
diff --git a/source3/pipenetlog.c b/source3/pipenetlog.c
index acb7f806b9..6d406ee7d2 100644
--- a/source3/pipenetlog.c
+++ b/source3/pipenetlog.c
@@ -292,7 +292,7 @@ static BOOL update_dcinfo(int cnum, uint16 vuid,
}
{
- char foo[16];
+ fstring foo;
for (i = 0; i < 16; i++) sprintf(foo+i*2,"%02x ", dc->md4pw[i]);
DEBUG(4,("pass %s %s\n", mach_acct, foo));
}
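Review bot: The sprintf loop is still unbounded after this change: sixteen iterations of `"%02x "` at stride 2 end by writing a space and a NUL at offsets 32 and 33, so foo needs at least 34 bytes, and the fix relies on fstring being larger than that (its size is not visible here). Sizing the buffer to the data, e.g. `char foo[16*2+2];`, and passing `(unsigned char)dc->md4pw[i]` would make the bound explicit; the cast matters if md4pw is plain char, since a negative value would print as eight hex digits. Separately, this DEBUG(4) line writes the machine account's MD4 password hash to the log, which is password-equivalent material, so consider dropping it or moving it to a much higher debug level. update_dcinfo begins outside the hunk.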