Make sure we always have some client data, not just the hash. An NTLMv2 or

LMv2 response less than 24 bytes is just silly. Andrew Bartlett (This used to be commit b4ecdb2e582376d2713f81e8e32a668014905d70)
author: Andrew Bartlett <abartlet@samba.org> 2003-05-09 09:41:08 +0000
committer: Andrew Bartlett <abartlet@samba.org> 2003-05-09 09:41:08 +0000
commit: 5f5c4aaffd14cc15df4b367bc6d60641d7fdf7c6 (patch)
tree: 1a0bbae4b466732541e6ddf29da5c61f5fbdce39 /source3/auth/auth_sam.c
parent: 376b8d57eef44c630208805f4897d6fe30700c67 (diff)
download: samba-5f5c4aaffd14cc15df4b367bc6d60641d7fdf7c6.tar.gz
samba-5f5c4aaffd14cc15df4b367bc6d60641d7fdf7c6.tar.bz2
samba-5f5c4aaffd14cc15df4b367bc6d60641d7fdf7c6.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 9a619f81f6..cb88014e98 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -98,9 +98,10 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
 		return False;
 	}
 
-	if (ntv2_response.length < 16) {
+	if (ntv2_response.length < 24) {
 		/* We MUST have more than 16 bytes, or the stuff below will go
-		   crazy... */
+		   crazy.  No known implementation sends less than the 24 bytes
+		   for LMv2, let alone NTLMv2. */
 		DEBUG(0, ("smb_pwd_check_ntlmv2: incorrect password length (%d)\n", 
 			  ntv2_response.length));
 		return False;
author	Andrew Bartlett <abartlet@samba.org>	2003-05-09 09:41:08 +0000
committer	Andrew Bartlett <abartlet@samba.org>	2003-05-09 09:41:08 +0000
commit	5f5c4aaffd14cc15df4b367bc6d60641d7fdf7c6 (patch)
tree	1a0bbae4b466732541e6ddf29da5c61f5fbdce39 /source3/auth/auth_sam.c
parent	376b8d57eef44c630208805f4897d6fe30700c67 (diff)
download	samba-5f5c4aaffd14cc15df4b367bc6d60641d7fdf7c6.tar.gz samba-5f5c4aaffd14cc15df4b367bc6d60641d7fdf7c6.tar.bz2 samba-5f5c4aaffd14cc15df4b367bc6d60641d7fdf7c6.zip