summaryrefslogtreecommitdiff
path: root/source3/modules
diff options
context:
space:
mode:
authorMatthieu Patou <mat@matws.net>2012-01-24 14:48:31 -0800
committerJeremy Allison <jra@samba.org>2012-01-25 03:12:14 +0100
commit9e6675e8d04f503bec0d620654f86e18149fcf88 (patch)
tree7b3b65f832336a1f121a50e32aa7208548c1acc7 /source3/modules
parentfb235a3be6372e40ff7f7ebbcd7905a08cb04444 (diff)
downloadsamba-9e6675e8d04f503bec0d620654f86e18149fcf88.tar.gz
samba-9e6675e8d04f503bec0d620654f86e18149fcf88.tar.bz2
samba-9e6675e8d04f503bec0d620654f86e18149fcf88.zip
s3: improve the code in the AES encryption.
Remove looping replace them by memcpy. Fix bug #8674 (Buffer overflow in vfs_smb_traffic_analyzer). Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jan 25 03:12:14 CET 2012 on sn-devel-104
Diffstat (limited to 'source3/modules')
-rw-r--r--source3/modules/vfs_smb_traffic_analyzer.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index 7b9a902e14..025fbbda90 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -169,27 +169,27 @@ struct refcounted_sock {
static char *smb_traffic_analyzer_encrypt( TALLOC_CTX *ctx,
const char *akey, const char *str, size_t *len)
{
- int s1,s2,h,d;
+ int s1,s2,h;
AES_KEY key;
unsigned char filler[17]= "................";
char *output;
- unsigned char crypted[18];
if (akey == NULL) return NULL;
samba_AES_set_encrypt_key((const unsigned char *) akey, 128, &key);
s1 = strlen(str) / 16;
s2 = strlen(str) % 16;
- for (h = 0; h < s2; h++) *(filler+h)=*(str+(s1*16)+h);
+ memcpy(filler, str + (s1*16), s2);
DEBUG(10, ("smb_traffic_analyzer_send_data_socket: created %s"
" as filling block.\n", filler));
- output = talloc_array(ctx, char, (s1*16)+17 );
- d=0;
+
+ *len = ((s1 + 1)*16);
+ output = talloc_array(ctx, char, *len);
for (h = 0; h < s1; h++) {
- samba_AES_encrypt((const unsigned char *) str+(16*h), crypted, &key);
- for (d = 0; d<16; d++) output[d+(16*h)]=crypted[d];
+ samba_AES_encrypt((unsigned char *) str+(16*h), output+16*h,
+ &key);
}
samba_AES_encrypt(filler, (const unsigned char *)(output+(16*h)), &key);
*len = (s1*16)+16;
- return output;
+ return output;
}
/**