summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-09-13 21:14:05 +0200
committerStefan Metzmacher <metze@samba.org>2011-09-15 12:12:26 +0200
commita1e2affd0fed1efba7f4b892e7b9abfa01abc2c8 (patch)
tree993de33fda49555f2afad61103a60cd8546a4b32 /source3
parent4a79d213c25c3708bbdb905ebc1e677ba50fe154 (diff)
downloadsamba-a1e2affd0fed1efba7f4b892e7b9abfa01abc2c8.tar.gz
samba-a1e2affd0fed1efba7f4b892e7b9abfa01abc2c8.tar.bz2
samba-a1e2affd0fed1efba7f4b892e7b9abfa01abc2c8.zip
s3:libsmb: remove the guid from the cli->secblob in spnego mode
metze
Diffstat (limited to 'source3')
-rw-r--r--source3/libsmb/cliconnect.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 77d122cf9c..315c2ac742 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1785,7 +1785,7 @@ static ADS_STATUS cli_session_setup_spnego(struct cli_state *cli,
DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
/* the server might not even do spnego */
- if (cli->secblob.length <= 16) {
+ if (cli->secblob.length == 0) {
DEBUG(3,("server didn't supply a full spnego negprot\n"));
goto ntlmssp;
}
@@ -1794,8 +1794,7 @@ static ADS_STATUS cli_session_setup_spnego(struct cli_state *cli,
file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
#endif
- /* there is 16 bytes of GUID before the real spnego packet starts */
- blob = data_blob(cli->secblob.data+16, cli->secblob.length-16);
+ blob = data_blob(cli->secblob.data, cli->secblob.length);
/* The server sent us the first part of the SPNEGO exchange in the
* negprot reply. It is WRONG to depend on the principal sent in the
@@ -2688,7 +2687,12 @@ static void cli_negprot_done(struct tevent_req *subreq)
server_lockread = true;
}
if (server_capabilities & CAP_EXTENDED_SECURITY) {
- cli->secblob = data_blob(bytes, num_bytes);
+ if (num_bytes < 16) {
+ tevent_req_nterror(req,
+ NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ cli->secblob = data_blob(bytes+16, num_bytes-16);
} else {
cli->secblob = data_blob(bytes, MIN(num_bytes, 8));
/* work out if they sent us a workgroup */