|
|
1524bc |
From 63820f4d509c10993de827bc99115f57151e8ef4 Mon Sep 17 00:00:00 2001
|
|
|
1524bc |
From: Andrew Bartlett <abartlet@samba.org>
|
|
|
1524bc |
Date: Thu, 14 Nov 2019 11:16:09 +1300
|
|
|
1524bc |
Subject: [PATCH 155/187] libcli:auth Check return code of
|
|
|
1524bc |
netlogon_creds_aes_encrypt()
|
|
|
1524bc |
|
|
|
1524bc |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
|
|
|
1524bc |
|
|
|
1524bc |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
1524bc |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
1524bc |
|
|
|
1524bc |
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
|
|
|
1524bc |
Autobuild-Date(master): Thu Nov 14 09:25:36 UTC 2019 on sn-devel-184
|
|
|
1524bc |
|
|
|
1524bc |
(cherry picked from commit 0361a26e395723296899c3d48cff86d532372710)
|
|
|
1524bc |
---
|
|
|
1524bc |
libcli/auth/credentials.c | 8 +++++++-
|
|
|
1524bc |
libcli/auth/netlogon_creds_cli.c | 20 ++++++++++++++------
|
|
|
1524bc |
2 files changed, 21 insertions(+), 7 deletions(-)
|
|
|
1524bc |
|
|
|
1524bc |
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
|
|
|
1524bc |
index c78f2012bf2..f1088a1d8e0 100644
|
|
|
1524bc |
--- a/libcli/auth/credentials.c
|
|
|
1524bc |
+++ b/libcli/auth/credentials.c
|
|
|
1524bc |
@@ -37,10 +37,16 @@ static NTSTATUS netlogon_creds_step_crypt(struct netlogon_creds_CredentialState
|
|
|
1524bc |
const struct netr_Credential *in,
|
|
|
1524bc |
struct netr_Credential *out)
|
|
|
1524bc |
{
|
|
|
1524bc |
+ NTSTATUS status;
|
|
|
1524bc |
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
|
|
1524bc |
memcpy(out->data, in->data, sizeof(out->data));
|
|
|
1524bc |
|
|
|
1524bc |
- netlogon_creds_aes_encrypt(creds, out->data, sizeof(out->data));
|
|
|
1524bc |
+ status = netlogon_creds_aes_encrypt(creds,
|
|
|
1524bc |
+ out->data,
|
|
|
1524bc |
+ sizeof(out->data));
|
|
|
1524bc |
+ if (!NT_STATUS_IS_OK(status)) {
|
|
|
1524bc |
+ return status;
|
|
|
1524bc |
+ }
|
|
|
1524bc |
} else {
|
|
|
1524bc |
des_crypt112(out->data, in->data, creds->session_key, 1);
|
|
|
1524bc |
}
|
|
|
1524bc |
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
|
|
|
1524bc |
index 2123862dbd2..0378f302ffa 100644
|
|
|
1524bc |
--- a/libcli/auth/netlogon_creds_cli.c
|
|
|
1524bc |
+++ b/libcli/auth/netlogon_creds_cli.c
|
|
|
1524bc |
@@ -1995,9 +1995,13 @@ static void netlogon_creds_cli_ServerPasswordSet_locked(struct tevent_req *subre
|
|
|
1524bc |
if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_PASSWORD_SET2) {
|
|
|
1524bc |
|
|
|
1524bc |
if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
|
|
1524bc |
- netlogon_creds_aes_encrypt(&state->tmp_creds,
|
|
|
1524bc |
- state->samr_crypt_password.data,
|
|
|
1524bc |
- 516);
|
|
|
1524bc |
+ status = netlogon_creds_aes_encrypt(&state->tmp_creds,
|
|
|
1524bc |
+ state->samr_crypt_password.data,
|
|
|
1524bc |
+ 516);
|
|
|
1524bc |
+ if (tevent_req_nterror(req, status)) {
|
|
|
1524bc |
+ netlogon_creds_cli_ServerPasswordSet_cleanup(req, status);
|
|
|
1524bc |
+ return;
|
|
|
1524bc |
+ }
|
|
|
1524bc |
} else {
|
|
|
1524bc |
status = netlogon_creds_arcfour_crypt(&state->tmp_creds,
|
|
|
1524bc |
state->samr_crypt_password.data,
|
|
|
1524bc |
@@ -3708,9 +3712,13 @@ static void netlogon_creds_cli_SendToSam_locked(struct tevent_req *subreq)
|
|
|
1524bc |
ZERO_STRUCT(state->rep_auth);
|
|
|
1524bc |
|
|
|
1524bc |
if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
|
|
1524bc |
- netlogon_creds_aes_encrypt(&state->tmp_creds,
|
|
|
1524bc |
- state->opaque.data,
|
|
|
1524bc |
- state->opaque.length);
|
|
|
1524bc |
+ status = netlogon_creds_aes_encrypt(&state->tmp_creds,
|
|
|
1524bc |
+ state->opaque.data,
|
|
|
1524bc |
+ state->opaque.length);
|
|
|
1524bc |
+ if (tevent_req_nterror(req, status)) {
|
|
|
1524bc |
+ netlogon_creds_cli_SendToSam_cleanup(req, status);
|
|
|
1524bc |
+ return;
|
|
|
1524bc |
+ }
|
|
|
1524bc |
} else {
|
|
|
1524bc |
status = netlogon_creds_arcfour_crypt(&state->tmp_creds,
|
|
|
1524bc |
state->opaque.data,
|
|
|
1524bc |
--
|
|
|
1524bc |
2.23.0
|
|
|
1524bc |
|