summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2007-12-12 00:44:10 +0100
committerGünther Deschner <gd@samba.org>2007-12-12 00:58:58 +0100
commitf0d2edb9a0a98e732c23a3661933a2bf6c50cacd (patch)
tree1249454ba3b7f5beb89a4132e9289e7f62c39c8e /source3
parentec7426d917f9029052748d2271c5c071a13feb78 (diff)
downloadsamba-f0d2edb9a0a98e732c23a3661933a2bf6c50cacd.tar.gz
samba-f0d2edb9a0a98e732c23a3661933a2bf6c50cacd.tar.bz2
samba-f0d2edb9a0a98e732c23a3661933a2bf6c50cacd.zip
Make decode_wkssvc_join_password_buffer() return WERRORs.
Guenther (This used to be commit 88e9da2f14b41a62bdb478f9ffc2de66643bbf14)
Diffstat (limited to 'source3')
-rw-r--r--source3/libsmb/smbencrypt.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 8793fdcb55..9e37d1d6cf 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -731,10 +731,10 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
data_blob_free(&confounded_session_key);
}
-void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
- struct wkssvc_PasswordBuffer *pwd_buf,
- DATA_BLOB *session_key,
- char **pwd)
+WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
+ struct wkssvc_PasswordBuffer *pwd_buf,
+ DATA_BLOB *session_key,
+ char **pwd)
{
uint8_t buffer[516];
struct MD5Context ctx;
@@ -745,6 +745,11 @@ void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
int confounder_len = 8;
uint8_t confounder[8];
+ if (session_key->length != 16) {
+ DEBUG(10,("invalid session key\n"));
+ return WERR_BAD_PASSWORD;
+ }
+
memcpy(&confounder, &pwd_buf->data[0], confounder_len);
memcpy(&buffer, &pwd_buf->data[8], 516);
@@ -755,7 +760,11 @@ void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
SamOEMhashBlob(buffer, 516, &confounded_session_key);
- decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE);
+ if (!decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE)) {
+ return WERR_BAD_PASSWORD;
+ }
data_blob_free(&confounded_session_key);
+
+ return WERR_OK;
}