From f0d2edb9a0a98e732c23a3661933a2bf6c50cacd Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Wed, 12 Dec 2007 00:44:10 +0100
Subject: Make decode_wkssvc_join_password_buffer() return WERRORs.

Guenther
(This used to be commit 88e9da2f14b41a62bdb478f9ffc2de66643bbf14)
---
 source3/libsmb/smbencrypt.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'source3/libsmb/smbencrypt.c')

diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 8793fdcb55..9e37d1d6cf 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -731,10 +731,10 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 	data_blob_free(&confounded_session_key);
 }
 
-void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
-					struct wkssvc_PasswordBuffer *pwd_buf,
-					DATA_BLOB *session_key,
-					char **pwd)
+WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
+					  struct wkssvc_PasswordBuffer *pwd_buf,
+					  DATA_BLOB *session_key,
+					  char **pwd)
 {
 	uint8_t buffer[516];
 	struct MD5Context ctx;
@@ -745,6 +745,11 @@ void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 	int confounder_len = 8;
 	uint8_t confounder[8];
 
+	if (session_key->length != 16) {
+		DEBUG(10,("invalid session key\n"));
+		return WERR_BAD_PASSWORD;
+	}
+
 	memcpy(&confounder, &pwd_buf->data[0], confounder_len);
 	memcpy(&buffer, &pwd_buf->data[8], 516);
 
@@ -755,7 +760,11 @@ void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 
 	SamOEMhashBlob(buffer, 516, &confounded_session_key);
 
-	decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE);
+	if (!decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE)) {
+		return WERR_BAD_PASSWORD;
+	}
 
 	data_blob_free(&confounded_session_key);
+
+	return WERR_OK;
 }
-- 
cgit