rpms / samba

Clone
Source Code
GIT

Blame SOURCES/0106-s4-rpc_server-backupkey-consistently-check-error-cod.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c7-sig-storage-samba-411 c8 c8-beta c8-sig-storage-samba-411 c8-sig-storage-samba-412 c8-sig-storage-samba-413 c8-sig-storage-samba-414 c8-sig-storage-samba-415 c8s c8s-sig-storage-samba-413 c8s-sig-storage-samba-414 c8s-sig-storage-samba-415 c8s-sig-storage-samba-416 c8s-sig-storage-samba-417 c8s-sig-storage-samba-418 c8s-sig-storage-samba-419 c8s-sig-storage-samba-420 c9 c9-beta c9s-sig-storage-samba-414 c9s-sig-storage-samba-415 c9s-sig-storage-samba-416 c9s-sig-storage-samba-417 c9s-sig-storage-samba-418 c9s-sig-storage-samba-419 c9s-sig-storage-samba-420 c9s-sig-storage-samba-421
  1.   8683206b0a75e122dc03b497e4a663ac3491c75e
  2.   SOURCES
  3.   0106-s4-rpc_server-backupkey-consistently-check-error-cod.patch
Blob History Raw
b6b438 
From ac505bb247d1f63d6c22d380e4db5a5f84cd2ff1 Mon Sep 17 00:00:00 2001
b6b438 
From: Andrew Bartlett <abartlet@samba.org>
b6b438 
Date: Fri, 16 Aug 2019 16:08:57 +1200
b6b438 
Subject: [PATCH 106/187] s4-rpc_server/backupkey: consistently check error
b6b438 
 codes from GnuTLS
b6b438
b6b438 
This uses the new gnutls_error_to_werror()
b6b438
b6b438 
This should resolve Coverity 1452111 as forwarded by Volker.
b6b438
b6b438 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
b6b438 
Reviewed-by: Andreas Schneider <asn@samba.org>
b6b438 
(cherry picked from commit 2d54559aad9af81cf21d223dad28b48184c59f44)
b6b438 
---
b6b438 
 .../rpc_server/backupkey/dcesrv_backupkey.c   | 146 +++++++++++-------
b6b438 
 source4/rpc_server/wscript_build              |   2 +-
b6b438 
 2 files changed, 92 insertions(+), 56 deletions(-)
b6b438
b6b438 
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
b6b438 
index a826ae083f4..cea6a28e4e2 100644
b6b438 
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
b6b438 
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
b6b438 
@@ -42,6 +42,8 @@
b6b438 
 #include <gnutls/crypto.h>
b6b438 
 #include <gnutls/abstract.h>
b6b438
b6b438 
+#include "lib/crypto/gnutls_helpers.h"
b6b438 
+
b6b438 
 #define DCESRV_INTERFACE_BACKUPKEY_BIND(context, iface) \
b6b438 
 	dcesrv_interface_backupkey_bind(context, iface)
b6b438 
 static NTSTATUS dcesrv_interface_backupkey_bind(struct dcesrv_connection_context *context,
b6b438 
@@ -1439,15 +1441,23 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
b6b438 
 	 * BACKUPKEY_BACKUP_GUID, it really is the whole key
b6b438 
 	 */
b6b438
b6b438 
-	gnutls_hmac_init(&hmac_hnd,
b6b438 
-			 GNUTLS_MAC_SHA1,
b6b438 
-			 server_key.key,
b6b438 
-			 sizeof(server_key.key));
b6b438 
-	gnutls_hmac(hmac_hnd,
b6b438 
+	rc = gnutls_hmac_init(&hmac_hnd,
b6b438 
+			      GNUTLS_MAC_SHA1,
b6b438 
+			      server_key.key,
b6b438 
+			      sizeof(server_key.key));
b6b438 
+	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
+	}
b6b438 
+
b6b438 
+	rc = gnutls_hmac(hmac_hnd,
b6b438 
 		    decrypt_request.r2,
b6b438 
 		    sizeof(decrypt_request.r2));
b6b438 
-	gnutls_hmac_output(hmac_hnd, symkey);
b6b438
b6b438 
+	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
+	}
b6b438 
+
b6b438 
+	gnutls_hmac_output(hmac_hnd, symkey);
b6b438 
 	dump_data_pw("symkey: \n", symkey, sizeof(symkey));
b6b438
b6b438 
 	/* rc4 decrypt sid and secret using sym key */
b6b438 
@@ -1462,9 +1472,7 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
b6b438 
 				&cipher_key,
b6b438 
 				NULL);
b6b438 
 	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
-		DBG_ERR("gnutls_cipher_init failed - %s\n",
b6b438 
-			gnutls_strerror(rc));
b6b438 
-		return WERR_INVALID_PARAMETER;
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
 	}
b6b438 
 	rc = gnutls_cipher_encrypt2(cipher_hnd,
b6b438 
 				    encrypted_blob.data,
b6b438 
@@ -1473,9 +1481,7 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
b6b438 
 				    encrypted_blob.length);
b6b438 
 	gnutls_cipher_deinit(cipher_hnd);
b6b438 
 	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
-		DBG_ERR("gnutls_cipher_encrypt2 failed - %s\n",
b6b438 
-			gnutls_strerror(rc));
b6b438 
-		return WERR_INVALID_PARAMETER;
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
 	}
b6b438
b6b438 
 	ndr_err = ndr_pull_struct_blob_all(&encrypted_blob, mem_ctx, &rc4payload,
b6b438 
@@ -1494,9 +1500,13 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
b6b438 
 	 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
b6b438 
 	 * BACKUPKEY_BACKUP_GUID, it really is the whole key
b6b438 
 	 */
b6b438 
-	gnutls_hmac(hmac_hnd,
b6b438 
-		    rc4payload.r3,
b6b438 
-		    sizeof(rc4payload.r3));
b6b438 
+	rc = gnutls_hmac(hmac_hnd,
b6b438 
+			 rc4payload.r3,
b6b438 
+			 sizeof(rc4payload.r3));
b6b438 
+	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
+	}
b6b438 
+
b6b438 
 	gnutls_hmac_deinit(hmac_hnd, mackey);
b6b438
b6b438 
 	dump_data_pw("mackey: \n", mackey, sizeof(mackey));
b6b438 
@@ -1507,20 +1517,31 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
b6b438 
 		return WERR_INTERNAL_ERROR;
b6b438 
 	}
b6b438
b6b438 
-	gnutls_hmac_init(&hmac_hnd,
b6b438 
-			 GNUTLS_MAC_SHA1,
b6b438 
-			 mackey,
b6b438 
-			 sizeof(mackey));
b6b438 
+	rc = gnutls_hmac_init(&hmac_hnd,
b6b438 
+			      GNUTLS_MAC_SHA1,
b6b438 
+			      mackey,
b6b438 
+			      sizeof(mackey));
b6b438 
+	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
+	}
b6b438 
+
b6b438 
 	/* SID field */
b6b438 
-	gnutls_hmac(hmac_hnd,
b6b438 
-		    sid_blob.data,
b6b438 
-		    sid_blob.length);
b6b438 
+	rc = gnutls_hmac(hmac_hnd,
b6b438 
+			 sid_blob.data,
b6b438 
+			 sid_blob.length);
b6b438 
+	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
+	}
b6b438 
+
b6b438 
 	/* Secret field */
b6b438 
-	gnutls_hmac(hmac_hnd,
b6b438 
-		    rc4payload.secret_data.data,
b6b438 
-		    rc4payload.secret_data.length);
b6b438 
-	gnutls_hmac_deinit(hmac_hnd, mac);
b6b438 
+	rc = gnutls_hmac(hmac_hnd,
b6b438 
+			 rc4payload.secret_data.data,
b6b438 
+			 rc4payload.secret_data.length);
b6b438 
+	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
+	}
b6b438
b6b438 
+	gnutls_hmac_deinit(hmac_hnd, mac);
b6b438 
 	dump_data_pw("mac: \n", mac, sizeof(mac));
b6b438 
 	dump_data_pw("rc4payload.mac: \n", rc4payload.mac, sizeof(rc4payload.mac));
b6b438
b6b438 
@@ -1657,26 +1678,34 @@ static WERROR bkrp_server_wrap_encrypt_data(struct dcesrv_call_state *dce_call,
b6b438 
 	 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
b6b438 
 	 * BACKUPKEY_BACKUP_GUID, it really is the whole key
b6b438 
 	 */
b6b438 
-	gnutls_hmac_init(&hmac_hnd,
b6b438 
-			 GNUTLS_MAC_SHA1,
b6b438 
-			 server_key.key,
b6b438 
-			 sizeof(server_key.key));
b6b438 
-	gnutls_hmac(hmac_hnd,
b6b438 
-		    server_side_wrapped.r2,
b6b438 
-		    sizeof(server_side_wrapped.r2));
b6b438 
-	gnutls_hmac_output(hmac_hnd, symkey);
b6b438 
+	rc = gnutls_hmac_init(&hmac_hnd,
b6b438 
+			      GNUTLS_MAC_SHA1,
b6b438 
+			      server_key.key,
b6b438 
+			      sizeof(server_key.key));
b6b438 
+	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
+	}
b6b438
b6b438 
+	rc = gnutls_hmac(hmac_hnd,
b6b438 
+			 server_side_wrapped.r2,
b6b438 
+			 sizeof(server_side_wrapped.r2));
b6b438 
+	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
+	}
b6b438 
+	gnutls_hmac_output(hmac_hnd, symkey);
b6b438 
 	dump_data_pw("symkey: \n", symkey, sizeof(symkey));
b6b438
b6b438 
 	/*
b6b438 
 	 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
b6b438 
 	 * BACKUPKEY_BACKUP_GUID, it really is the whole key
b6b438 
 	 */
b6b438 
-	gnutls_hmac(hmac_hnd,
b6b438 
-		    rc4payload.r3,
b6b438 
-		    sizeof(rc4payload.r3));
b6b438 
+	rc = gnutls_hmac(hmac_hnd,
b6b438 
+			 rc4payload.r3,
b6b438 
+			 sizeof(rc4payload.r3));
b6b438 
+	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
+	}
b6b438 
 	gnutls_hmac_deinit(hmac_hnd, mackey);
b6b438 
-
b6b438 
 	dump_data_pw("mackey: \n", mackey, sizeof(mackey));
b6b438
b6b438 
 	ndr_err = ndr_push_struct_blob(&sid_blob, mem_ctx, caller_sid,
b6b438 
@@ -1688,20 +1717,31 @@ static WERROR bkrp_server_wrap_encrypt_data(struct dcesrv_call_state *dce_call,
b6b438 
 	rc4payload.secret_data.data = r->in.data_in;
b6b438 
 	rc4payload.secret_data.length = r->in.data_in_len;
b6b438
b6b438 
-	gnutls_hmac_init(&hmac_hnd,
b6b438 
-			 GNUTLS_MAC_SHA1,
b6b438 
-			 mackey,
b6b438 
-			 sizeof(mackey));
b6b438 
+	rc = gnutls_hmac_init(&hmac_hnd,
b6b438 
+			      GNUTLS_MAC_SHA1,
b6b438 
+			      mackey,
b6b438 
+			      sizeof(mackey));
b6b438 
+	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
+	}
b6b438 
+
b6b438 
 	/* SID field */
b6b438 
-	gnutls_hmac(hmac_hnd,
b6b438 
-		    sid_blob.data,
b6b438 
-		    sid_blob.length);
b6b438 
+	rc = gnutls_hmac(hmac_hnd,
b6b438 
+			 sid_blob.data,
b6b438 
+			 sid_blob.length);
b6b438 
+	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
+	}
b6b438 
+
b6b438 
 	/* Secret field */
b6b438 
-	gnutls_hmac(hmac_hnd,
b6b438 
-		    rc4payload.secret_data.data,
b6b438 
-		    rc4payload.secret_data.length);
b6b438 
-	gnutls_hmac_deinit(hmac_hnd, rc4payload.mac);
b6b438 
+	rc = gnutls_hmac(hmac_hnd,
b6b438 
+			 rc4payload.secret_data.data,
b6b438 
+			 rc4payload.secret_data.length);
b6b438 
+	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
+	}
b6b438
b6b438 
+	gnutls_hmac_deinit(hmac_hnd, rc4payload.mac);
b6b438 
 	dump_data_pw("rc4payload.mac: \n", rc4payload.mac, sizeof(rc4payload.mac));
b6b438
b6b438 
 	rc4payload.sid = *caller_sid;
b6b438 
@@ -1721,9 +1761,7 @@ static WERROR bkrp_server_wrap_encrypt_data(struct dcesrv_call_state *dce_call,
b6b438 
 				&cipher_key,
b6b438 
 				NULL);
b6b438 
 	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
-		DBG_ERR("gnutls_cipher_init failed - %s\n",
b6b438 
-			gnutls_strerror(rc));
b6b438 
-		return WERR_INVALID_PARAMETER;
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
 	}
b6b438 
 	rc = gnutls_cipher_encrypt2(cipher_hnd,
b6b438 
 				    encrypted_blob.data,
b6b438 
@@ -1732,9 +1770,7 @@ static WERROR bkrp_server_wrap_encrypt_data(struct dcesrv_call_state *dce_call,
b6b438 
 				    encrypted_blob.length);
b6b438 
 	gnutls_cipher_deinit(cipher_hnd);
b6b438 
 	if (rc != GNUTLS_E_SUCCESS) {
b6b438 
-		DBG_ERR("gnutls_cipher_encrypt2 failed - %s\n",
b6b438 
-			gnutls_strerror(rc));
b6b438 
-		return WERR_INVALID_PARAMETER;
b6b438 
+		return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
b6b438 
 	}
b6b438
b6b438 
 	/* create server wrap structure */
b6b438 
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
b6b438 
index a5c1c1d9a2c..18ec5aef894 100644
b6b438 
--- a/source4/rpc_server/wscript_build
b6b438 
+++ b/source4/rpc_server/wscript_build
b6b438 
@@ -124,7 +124,7 @@ bld.SAMBA_MODULE('dcerpc_backupkey',
b6b438 
 		 autoproto='backupkey/proto.h',
b6b438 
 		 subsystem='dcerpc_server',
b6b438 
 		 init_function='dcerpc_server_backupkey_init',
b6b438 
-		 deps='samdb DCERPC_COMMON NDR_BACKUPKEY RPC_NDR_BACKUPKEY gnutls',
b6b438 
+		 deps='samdb DCERPC_COMMON NDR_BACKUPKEY RPC_NDR_BACKUPKEY gnutls GNUTLS_HELPERS',
b6b438 
 		 )
b6b438
b6b438
b6b438 
--
b6b438 
2.23.0
b6b438

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation