From b7a5e3de1eac86bd460aed341ec17a01f4b82e5f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 2 Sep 2006 21:41:28 +0000 Subject: r18008: Ok, same fix as before. But this time also allocate the session key. This had worked in one test, no idea what memory I've overwritten that time. This time it survives the unpatched w2k password change. Volker (This used to be commit bf7bf8e4e9a279fe3ef1e9ff655b12f65c3c3e67) --- source3/libsmb/ntlmssp.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 70fcd24e76..d017bdb76c 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -813,16 +813,25 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, if (lm_session_key.data && lm_session_key.length >= 8) { if (ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) { session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + if (session_key.data == NULL) { + return NT_STATUS_NO_MEMORY; + } SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data, session_key.data); DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n")); - dump_data_pw("LM session key:\n", session_key.data, session_key.length); } else { - /* use the key unmodified - it's - * probably a NULL key from the guest - * login */ - session_key = lm_session_key; + static const uint8 zeros[24] = { 0, }; + session_key = data_blob_talloc( + ntlmssp_state->mem_ctx, NULL, 16); + if (session_key.data == NULL) { + return NT_STATUS_NO_MEMORY; + } + SMBsesskeygen_lm_sess_key( + lm_session_key.data, zeros, + session_key.data); } + dump_data_pw("LM session key:\n", session_key.data, + session_key.length); } else { DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM session key.\n")); session_key = data_blob(NULL, 0); -- cgit