From 95424817274295c56da3d3a5dc1ba3b2d75b0f8d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 23 Oct 2006 06:06:35 +0000
Subject: r19464: Reject passwords that cannot be converted into UCS2.

Andrew Bartlett
(This used to be commit c843fce7a0e9b91c4d2de44e7a9ad9599b33ec5c)
---
 source4/libcli/auth/smbencrypt.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'source4/libcli/auth')

diff --git a/source4/libcli/auth/smbencrypt.c b/source4/libcli/auth/smbencrypt.c
index 67da795a44..296d44f5d4 100644
--- a/source4/libcli/auth/smbencrypt.c
+++ b/source4/libcli/auth/smbencrypt.c
@@ -63,18 +63,24 @@ BOOL SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24])
  * @param p16 return password hashed with md4, caller allocated 16 byte buffer
  */
  
-void E_md4hash(const char *passwd, uint8_t p16[16])
+BOOL E_md4hash(const char *passwd, uint8_t p16[16])
 {
 	int len;
 	void *wpwd;
 
 	len = push_ucs2_talloc(NULL, &wpwd, passwd);
-	SMB_ASSERT(len >= 2);
+	if (len < 2) {
+		/* We don't want to return fixed data, as most callers
+		 * don't check */
+		mdfour(p16, passwd, strlen(passwd));
+		return False;
+	}
 	
 	len -= 2;
 	mdfour(p16, wpwd, len);
 
 	talloc_free(wpwd);
+	return True;
 }
 
 /**
-- 
cgit