summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/smbencrypt.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index c547a4a003..e7198b801d 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -748,16 +748,24 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
struct MD5Context ctx;
uint32_t pwd_len;
- DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+ DATA_BLOB confounded_session_key;
int confounder_len = 8;
uint8_t confounder[8];
+ *pwd = NULL;
+
+ if (!pwd_buf) {
+ return WERR_BAD_PASSWORD;
+ }
+
if (session_key->length != 16) {
DEBUG(10,("invalid session key\n"));
return WERR_BAD_PASSWORD;
}
+ confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+
memcpy(&confounder, &pwd_buf->data[0], confounder_len);
memcpy(&buffer, &pwd_buf->data[8], 516);
@@ -769,6 +777,7 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
SamOEMhashBlob(buffer, 516, &confounded_session_key);
if (!decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE)) {
+ data_blob_free(&confounded_session_key);
return WERR_BAD_PASSWORD;
}