118 lines
3.1 KiB
Diff
118 lines
3.1 KiB
Diff
From 0d2898429e7eb2ca144885d5a1f9485cca620464 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Mon, 8 Jul 2019 18:21:18 +0200
|
|
Subject: [PATCH 028/187] libcli:auth: Use
|
|
samba_gnutls_arcfour_confounded_md5() in decode_wkssvc_join_password_buffer()
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit bcf7808d3aa8a5932a40955e4b764f55061e07d7)
|
|
---
|
|
libcli/auth/smbencrypt.c | 71 ++++++++++++++--------------------------
|
|
1 file changed, 24 insertions(+), 47 deletions(-)
|
|
|
|
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
|
index 823e16a3387..cc5e1fbb899 100644
|
|
--- a/libcli/auth/smbencrypt.c
|
|
+++ b/libcli/auth/smbencrypt.c
|
|
@@ -1011,70 +1011,47 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
|
DATA_BLOB *session_key,
|
|
char **pwd)
|
|
{
|
|
- gnutls_hash_hd_t hash_hnd = NULL;
|
|
- uint8_t buffer[516];
|
|
- size_t pwd_len;
|
|
- WERROR result;
|
|
+ uint8_t _confounder[8];
|
|
+ DATA_BLOB confounder = data_blob_const(_confounder, 8);
|
|
+ uint8_t pwbuf[516] = {0};
|
|
+ DATA_BLOB decrypt_pwbuf = data_blob_const(pwbuf, 516);
|
|
bool ok;
|
|
int rc;
|
|
|
|
- DATA_BLOB confounded_session_key;
|
|
-
|
|
- int confounder_len = 8;
|
|
- uint8_t confounder[8];
|
|
-
|
|
- *pwd = NULL;
|
|
-
|
|
- if (!pwd_buf) {
|
|
+ if (pwd_buf == NULL) {
|
|
return WERR_INVALID_PASSWORD;
|
|
}
|
|
|
|
+ *pwd = NULL;
|
|
+
|
|
if (session_key->length != 16) {
|
|
DEBUG(10,("invalid session key\n"));
|
|
return WERR_INVALID_PASSWORD;
|
|
}
|
|
|
|
- confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
|
|
+ confounder = data_blob_const(&pwd_buf->data[0], 8);
|
|
+ memcpy(&pwbuf, &pwd_buf->data[8], 516);
|
|
|
|
- memcpy(&confounder, &pwd_buf->data[0], confounder_len);
|
|
- memcpy(&buffer, &pwd_buf->data[8], 516);
|
|
-
|
|
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
|
- if (rc < 0) {
|
|
- result = gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED);
|
|
- goto out;
|
|
- }
|
|
-
|
|
- rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
|
|
- if (rc < 0) {
|
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
|
- result = gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED);
|
|
- goto out;
|
|
- }
|
|
- rc = gnutls_hash(hash_hnd, confounder, confounder_len);
|
|
+ rc = samba_gnutls_arcfour_confounded_md5(session_key,
|
|
+ &confounder,
|
|
+ &decrypt_pwbuf,
|
|
+ SAMBA_GNUTLS_ENCRYPT);
|
|
if (rc < 0) {
|
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
|
- result = gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED);
|
|
- goto out;
|
|
+ ZERO_ARRAY(_confounder);
|
|
+ TALLOC_FREE(pwd_buf);
|
|
+ return gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED);
|
|
}
|
|
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
|
|
|
- arcfour_crypt_blob(buffer, 516, &confounded_session_key);
|
|
-
|
|
- ok = decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, CH_UTF16);
|
|
-
|
|
- ZERO_ARRAY(confounder);
|
|
- ZERO_ARRAY(buffer);
|
|
-
|
|
- data_blob_clear_free(&confounded_session_key);
|
|
+ ok = decode_pw_buffer(mem_ctx,
|
|
+ decrypt_pwbuf.data,
|
|
+ pwd,
|
|
+ &decrypt_pwbuf.length,
|
|
+ CH_UTF16);
|
|
+ ZERO_ARRAY(pwbuf);
|
|
|
|
if (!ok) {
|
|
- result = WERR_INVALID_PASSWORD;
|
|
- goto out;
|
|
+ return WERR_INVALID_PASSWORD;
|
|
}
|
|
|
|
- result = WERR_OK;
|
|
-out:
|
|
- return result;
|
|
+ return WERR_OK;
|
|
}
|
|
-
|
|
--
|
|
2.23.0
|
|
|