diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-05-25 20:55:40 +1000 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2010-05-31 15:11:27 +0200 |
| commit | d6fa371b92681a327a86239721fc5990d91ad74f (patch) | |
| tree | 4f2cdef8f42b544a05237670bab6b0a5cca56f99 /source3/rpc_client | |
| parent | ebae21f0235b957c8faeeb51c926724909d353e9 (diff) | |
| download | samba-d6fa371b92681a327a86239721fc5990d91ad74f.tar.gz samba-d6fa371b92681a327a86239721fc5990d91ad74f.tar.bz2 samba-d6fa371b92681a327a86239721fc5990d91ad74f.zip | |
s3:ntlmssp Use a TALLOC_CTX for ntlmssp_sign_packet() and ntlmssp_seal_packet()
This ensures the results can't be easily left to leak.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/rpc_client')
| -rw-r--r-- | source3/rpc_client/cli_pipe.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 0cd4d60b5d..e248133de3 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1976,11 +1976,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, NTSTATUS status; DATA_BLOB auth_blob = data_blob_null; uint16 data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN; + TALLOC_CTX *frame; if (!cli->auth->a_u.ntlmssp_state) { return NT_STATUS_INVALID_PARAMETER; } + frame = talloc_stackframe(); + /* Init and marshall the auth header. */ init_rpc_hdr_auth(&auth_info, map_pipe_auth_type_to_rpc_auth_type( @@ -1991,7 +1994,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, outgoing_pdu, 0)) { DEBUG(0,("add_ntlmssp_auth_footer: failed to marshall RPC_HDR_AUTH.\n")); - data_blob_free(&auth_blob); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } @@ -1999,13 +2002,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state, + frame, (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, data_and_pad_len, (unsigned char *)prs_data_p(outgoing_pdu), (size_t)prs_offset(outgoing_pdu), &auth_blob); if (!NT_STATUS_IS_OK(status)) { - data_blob_free(&auth_blob); + talloc_free(frame); return status; } break; @@ -2013,13 +2017,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state, + frame, (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, data_and_pad_len, (unsigned char *)prs_data_p(outgoing_pdu), (size_t)prs_offset(outgoing_pdu), &auth_blob); if (!NT_STATUS_IS_OK(status)) { - data_blob_free(&auth_blob); + talloc_free(frame); return status; } break; @@ -2036,11 +2041,11 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, if (!prs_copy_data_in(outgoing_pdu, (const char *)auth_blob.data, NTLMSSP_SIG_SIZE)) { DEBUG(0,("add_ntlmssp_auth_footer: failed to add %u bytes auth blob.\n", (unsigned int)NTLMSSP_SIG_SIZE)); - data_blob_free(&auth_blob); + talloc_free(frame); return NT_STATUS_NO_MEMORY; } - data_blob_free(&auth_blob); + talloc_free(frame); return NT_STATUS_OK; } |