diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-08-06 20:24:35 +1000 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-08-10 12:13:00 +0200 |
commit | d112557a05b23480abd3f2f52c1c7b8ded2b4f66 (patch) | |
tree | af45de685dfe75d5f704d16b7d45a3e471a78f53 /source3 | |
parent | f6cc686036281ee9b467ba18e96ee5086b89bef7 (diff) | |
download | samba-d112557a05b23480abd3f2f52c1c7b8ded2b4f66.tar.gz samba-d112557a05b23480abd3f2f52c1c7b8ded2b4f66.tar.bz2 samba-d112557a05b23480abd3f2f52c1c7b8ded2b4f66.zip |
s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2
This is another 'belts and braces' check to avoid the use of the
weak 'LM_KEY' encryption when the client has chosen NTLMv2.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libsmb/ntlmssp.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 7ac20826de..2fdc938f49 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -617,7 +617,10 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM2 session key.\n")); session_key = data_blob_null; } - } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { + } else if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) + /* Ensure we can never get here on NTLMv2 */ + && (ntlmssp_state->nt_resp.length == 0 || ntlmssp_state->nt_resp.length == 24)) { + if (lm_session_key.data && lm_session_key.length >= 8) { if (ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) { session_key = data_blob_talloc(ntlmssp_state, |