From f0d2edb9a0a98e732c23a3661933a2bf6c50cacd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Dec 2007 00:44:10 +0100 Subject: Make decode_wkssvc_join_password_buffer() return WERRORs. Guenther (This used to be commit 88e9da2f14b41a62bdb478f9ffc2de66643bbf14) --- source3/libsmb/smbencrypt.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'source3') diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 8793fdcb55..9e37d1d6cf 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -731,10 +731,10 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, data_blob_free(&confounded_session_key); } -void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, - struct wkssvc_PasswordBuffer *pwd_buf, - DATA_BLOB *session_key, - char **pwd) +WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, + struct wkssvc_PasswordBuffer *pwd_buf, + DATA_BLOB *session_key, + char **pwd) { uint8_t buffer[516]; struct MD5Context ctx; @@ -745,6 +745,11 @@ void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, int confounder_len = 8; uint8_t confounder[8]; + if (session_key->length != 16) { + DEBUG(10,("invalid session key\n")); + return WERR_BAD_PASSWORD; + } + memcpy(&confounder, &pwd_buf->data[0], confounder_len); memcpy(&buffer, &pwd_buf->data[8], 516); @@ -755,7 +760,11 @@ void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, SamOEMhashBlob(buffer, 516, &confounded_session_key); - decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE); + if (!decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE)) { + return WERR_BAD_PASSWORD; + } data_blob_free(&confounded_session_key); + + return WERR_OK; } -- cgit