From 8075ae29c9e3e0af99f035883f4ddc545d5e328b Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Wed, 13 Nov 2019 09:39:19 +0100

Subject: [PATCH 146/187] libcli:auth: Check return value of

 netlogon_creds_init_128bit()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(cherry picked from commit 2c21cd6d49d56611acb2f364473d8c2e73e74545)

---

 libcli/auth/credentials.c | 14 ++++++++++----

 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c

index baa436df71b..1c01930a9d9 100644

--- a/libcli/auth/credentials.c

+++ b/libcli/auth/credentials.c

@@ -580,6 +580,8 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me

 {

 	struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);

+	NTSTATUS status;

+

 	if (!creds) {

 		return NULL;

@@ -604,8 +606,6 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me

 	}

 	if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {

-		NTSTATUS status;

-

 		status = netlogon_creds_init_hmac_sha256(creds,

 							 client_challenge,

 							 server_challenge,

@@ -615,8 +615,14 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me

 			return NULL;

 		}

 	} else if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {

-		netlogon_creds_init_128bit(creds, client_challenge, server_challenge,

-					   machine_password);

+		status = netlogon_creds_init_128bit(creds,

+						    client_challenge,

+						    server_challenge,

+						    machine_password);

+		if (!NT_STATUS_IS_OK(status)) {

+			talloc_free(creds);

+			return NULL;

+		}

 	} else {

 		netlogon_creds_init_64bit(creds, client_challenge, server_challenge,

 					  machine_password);

-- 

2.23.0