diff options
author | Andrew Tridgell <tridge@samba.org> | 1997-10-15 04:51:23 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1997-10-15 04:51:23 +0000 |
commit | be73ce8321d5714fcd74f71ed9f6532ca4e1090b (patch) | |
tree | 1d04933abcc8b61a7c26bda615342d1963abed06 | |
parent | 91e56c7b7b5b1a72dc00b468204c007820d3460e (diff) | |
download | samba-be73ce8321d5714fcd74f71ed9f6532ca4e1090b.tar.gz samba-be73ce8321d5714fcd74f71ed9f6532ca4e1090b.tar.bz2 samba-be73ce8321d5714fcd74f71ed9f6532ca4e1090b.zip |
fixed a stack overflow bug in api_lsa_req_chal()
changed the order of arguments to smbhash() in credentials.c. Luke,
when you changed from E1() to smbhash() you didn't notice that the
arguments are in a different order. This is why your new code was
failing.
NT logon still fails, but now gets to SAMLOGON. It shouldn't take much
to get it working now.
(This used to be commit 708edc348f0fb81d9c918e4bf857f339a13a3781)
-rw-r--r-- | source3/libsmb/credentials.c | 8 | ||||
-rw-r--r-- | source3/pipenetlog.c | 2 |
2 files changed, 5 insertions, 5 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 07816bc0cf..babc8180f2 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -44,8 +44,8 @@ void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, SIVAL(sum2,0,sum[0]); SIVAL(sum2,4,sum[1]); - smbhash(pass , sum2, buf); - smbhash(pass+9, buf , netsesskey); + smbhash(buf, sum2, pass); + smbhash(netsesskey, buf, pass+9); session_key[0] = IVAL(netsesskey, 0); session_key[1] = IVAL(netsesskey, 4); @@ -86,10 +86,10 @@ void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp, SIVAL(timecred, 0, IVAL(stor_cred, 0) + timestamp.time); SIVAL(timecred, 4, IVAL(stor_cred, 4)); - smbhash(netsesskey, timecred, buf); + smbhash(buf, timecred, netsesskey); memset(key2, 0, 7); key2[0] = netsesskey[7]; - smbhash(key2, buf, calc_cred); + smbhash(calc_cred, buf, key2); cred->data[0] = IVAL(calc_cred, 0); cred->data[1] = IVAL(calc_cred, 4); diff --git a/source3/pipenetlog.c b/source3/pipenetlog.c index acb7f806b9..6d406ee7d2 100644 --- a/source3/pipenetlog.c +++ b/source3/pipenetlog.c @@ -292,7 +292,7 @@ static BOOL update_dcinfo(int cnum, uint16 vuid, } { - char foo[16]; + fstring foo; for (i = 0; i < 16; i++) sprintf(foo+i*2,"%02x ", dc->md4pw[i]); DEBUG(4,("pass %s %s\n", mach_acct, foo)); } |