Make decode_wkssvc_join_password_buffer() return WERRORs.

Guenther
(This used to be commit 88e9da2f14b41a62bdb478f9ffc2de66643bbf14)

1 files changed, 14 insertions, 5 deletions

diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 8793fdcb55..9e37d1d6cf 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -731,10 +731,10 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 	data_blob_free(&confounded_session_key);
 }
 
-void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
-					struct wkssvc_PasswordBuffer *pwd_buf,
-					DATA_BLOB *session_key,
-					char **pwd)
+WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
+					  struct wkssvc_PasswordBuffer *pwd_buf,
+					  DATA_BLOB *session_key,
+					  char **pwd)
 {
 	uint8_t buffer[516];
 	struct MD5Context ctx;
@@ -745,6 +745,11 @@ void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 	int confounder_len = 8;
 	uint8_t confounder[8];
 
+	if (session_key->length != 16) {
+		DEBUG(10,("invalid session key\n"));
+		return WERR_BAD_PASSWORD;
+	}
+
 	memcpy(&confounder, &pwd_buf->data[0], confounder_len);
 	memcpy(&buffer, &pwd_buf->data[8], 516);
 
@@ -755,7 +760,11 @@ void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 
 	SamOEMhashBlob(buffer, 516, &confounded_session_key);
 
-	decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE);
+	if (!decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE)) {
+		return WERR_BAD_PASSWORD;
+	}
 
 	data_blob_free(&confounded_session_key);
+
+	return WERR_OK;
 }