diff options
author | Andrew Tridgell <tridge@samba.org> | 2003-11-26 02:08:41 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2003-11-26 02:08:41 +0000 |
commit | c123c8454142d17d2884ae9dd951b7f2a0b1a343 (patch) | |
tree | 6de49a1ff7dd9460fd2d20ac74f8b8e9ecd5dcb1 | |
parent | e0ac659917066dbf7f8fdbcc7684ce2b49dd04d9 (diff) | |
download | samba-c123c8454142d17d2884ae9dd951b7f2a0b1a343.tar.gz samba-c123c8454142d17d2884ae9dd951b7f2a0b1a343.tar.bz2 samba-c123c8454142d17d2884ae9dd951b7f2a0b1a343.zip |
fixed some memory leaks in the dcerpc use of ntlmssp signing
(This used to be commit abbc9993b8f7eb9f57e079db1d0b170d0b9aa443)
-rw-r--r-- | source4/lib/data_blob.c | 5 | ||||
-rw-r--r-- | source4/libcli/auth/ntlmssp_sign.c | 8 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.c | 5 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 26 | ||||
-rw-r--r-- | source4/param/loadparm.c | 2 |
5 files changed, 36 insertions, 10 deletions
diff --git a/source4/lib/data_blob.c b/source4/lib/data_blob.c index d51cffbca4..933617e9ee 100644 --- a/source4/lib/data_blob.c +++ b/source4/lib/data_blob.c @@ -73,6 +73,7 @@ DATA_BLOB data_blob_talloc(TALLOC_CTX *mem_ctx, const void *p, size_t length) } ret.length = length; memset(ret.data, 0, ret.length); + ret.free = NULL; return ret; } @@ -91,8 +92,6 @@ free a data blob *******************************************************************/ void data_blob_free(DATA_BLOB *d) { - return; - if (d) { if (d->free) { (d->free)(d); @@ -124,7 +123,7 @@ void data_blob_clear_free(DATA_BLOB *d) /******************************************************************* check if two data blobs are equal *******************************************************************/ -BOOL data_blob_equal(DATA_BLOB *d1, DATA_BLOB *d2) +BOOL data_blob_equal(const DATA_BLOB *d1, const DATA_BLOB *d2) { if (d1->length != d2->length) { return False; diff --git a/source4/libcli/auth/ntlmssp_sign.c b/source4/libcli/auth/ntlmssp_sign.c index 11d63ec5f3..2f510b0f98 100644 --- a/source4/libcli/auth/ntlmssp_sign.c +++ b/source4/libcli/auth/ntlmssp_sign.c @@ -180,8 +180,10 @@ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state, DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status))); return nt_status; } - - if (memcmp(sig->data+sig->length - 8, local_sig.data+local_sig.length - 8, 8) != 0) { + + if (local_sig.length != sig->length || + memcmp(local_sig.data + local_sig.length - 8, + sig->data + sig->length - 8, 8) != 0) { DEBUG(5, ("BAD SIG: wanted signature of\n")); dump_data(5, (const char *)local_sig.data, local_sig.length); @@ -192,6 +194,8 @@ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state, return NT_STATUS_ACCESS_DENIED; } + data_blob_free(&local_sig); + /* increment counter on recieive */ ntlmssp_state->ntlmssp_seq_num++; diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index bf5da4edb4..83fb0b592c 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -53,6 +53,9 @@ void dcerpc_pipe_close(struct dcerpc_pipe *p) if (!p) return; p->reference_count--; if (p->reference_count <= 0) { + if (p->ntlmssp_state) { + ntlmssp_end(&p->ntlmssp_state); + } p->transport.shutdown_pipe(p); talloc_destroy(p->mem_ctx); } @@ -238,6 +241,8 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p, SSVAL(blob->data, 8, blob->length); SSVAL(blob->data, 10, p->auth_info->credentials.length); + data_blob_free(&p->auth_info->credentials); + return NT_STATUS_OK; } diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 32fdcb0b86..103a3c70d8 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -34,6 +34,7 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p, NTSTATUS status; struct ntlmssp_state *state; TALLOC_CTX *mem_ctx; + DATA_BLOB credentials; mem_ctx = talloc_init("dcerpc_bind_auth_ntlm"); if (!mem_ctx) { @@ -76,27 +77,44 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p, status = ntlmssp_update(state, p->auth_info->credentials, - &p->auth_info->credentials); + &credentials); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { goto done; } + + p->auth_info->credentials = data_blob_talloc(mem_ctx, + credentials.data, + credentials.length); + data_blob_free(&credentials); + status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version); if (!NT_STATUS_IS_OK(status)) { goto done; } + status = ntlmssp_update(state, p->auth_info->credentials, - &p->auth_info->credentials); + &credentials); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { goto done; } + p->auth_info->credentials = data_blob_talloc(mem_ctx, + credentials.data, + credentials.length); + data_blob_free(&credentials); + status = dcerpc_auth3(p, mem_ctx); + + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + p->ntlmssp_state = state; - p->auth_info->credentials = data_blob(NULL, 0); - ntlmssp_sign_init(state); + /* setup for signing */ + status = ntlmssp_sign_init(state); done: talloc_destroy(mem_ctx); diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 9aceaaa12a..6ec4842c6d 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -3801,7 +3801,7 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults, bRetval = False; - DEBUG(0, ("lp_load: refreshing parameters from %s\n", pszFname)); + DEBUG(2, ("lp_load: refreshing parameters from %s\n", pszFname)); bInGlobalSection = True; bGlobalOnly = global_only; |