diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-05-25 20:55:40 +1000 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2010-05-31 15:11:27 +0200 |
| commit | d6fa371b92681a327a86239721fc5990d91ad74f (patch) | |
| tree | 4f2cdef8f42b544a05237670bab6b0a5cca56f99 /source3/rpc_server | |
| parent | ebae21f0235b957c8faeeb51c926724909d353e9 (diff) | |
| download | samba-d6fa371b92681a327a86239721fc5990d91ad74f.tar.gz samba-d6fa371b92681a327a86239721fc5990d91ad74f.tar.bz2 samba-d6fa371b92681a327a86239721fc5990d91ad74f.zip | |
s3:ntlmssp Use a TALLOC_CTX for ntlmssp_sign_packet() and ntlmssp_seal_packet()
This ensures the results can't be easily left to leak.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index ce087a4e03..50914acfbd 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -68,6 +68,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) RPC_HDR_AUTH auth_info; uint8 auth_type, auth_level; struct auth_ntlmssp_state *a = p->auth.a_u.auth_ntlmssp_state; + TALLOC_CTX *frame; /* * If we're in the fault state, keep returning fault PDU's until @@ -222,11 +223,12 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) /* Generate the sign blob. */ + frame = talloc_stackframe(); switch (p->auth.auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ status = auth_ntlmssp_seal_packet( - a, + a, frame, (uint8_t *)prs_data_p(&p->out_data.frag) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, data_len + ss_padding_len, @@ -234,7 +236,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) (size_t)prs_offset(&p->out_data.frag), &auth_blob); if (!NT_STATUS_IS_OK(status)) { - data_blob_free(&auth_blob); + talloc_free(frame); prs_mem_free(&p->out_data.frag); return False; } @@ -242,7 +244,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ status = auth_ntlmssp_sign_packet( - a, + a, frame, (unsigned char *)prs_data_p(&p->out_data.frag) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, data_len + ss_padding_len, @@ -250,12 +252,13 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) (size_t)prs_offset(&p->out_data.frag), &auth_blob); if (!NT_STATUS_IS_OK(status)) { - data_blob_free(&auth_blob); + talloc_free(frame); prs_mem_free(&p->out_data.frag); return False; } break; default: + talloc_free(frame); prs_mem_free(&p->out_data.frag); return False; } @@ -265,12 +268,11 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) NTLMSSP_SIG_SIZE)) { DEBUG(0,("create_next_pdu_ntlmssp: failed to add %u bytes auth blob.\n", (unsigned int)NTLMSSP_SIG_SIZE)); - data_blob_free(&auth_blob); + talloc_free(frame); prs_mem_free(&p->out_data.frag); return False; } - - data_blob_free(&auth_blob); + talloc_free(frame); /* * Setup the counts for this PDU. |