|
|
b6b438 |
From 211f398a262298286029df78530a42fae0c7390d Mon Sep 17 00:00:00 2001
|
|
|
b6b438 |
From: Isaac Boukris <iboukris@gmail.com>
|
|
|
b6b438 |
Date: Thu, 21 Nov 2019 15:13:19 +0100
|
|
|
b6b438 |
Subject: [PATCH 186/187] sess_crypt_blob can only crypt blobs whose size
|
|
|
b6b438 |
divides by 8
|
|
|
b6b438 |
|
|
|
b6b438 |
Signed-off-by: Isaac Boukris <iboukris@samba.org>
|
|
|
b6b438 |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
b6b438 |
(cherry picked from commit b5d8f1f78a04719c6a5d15aa92ae398be326fe56)
|
|
|
b6b438 |
---
|
|
|
b6b438 |
libcli/auth/session.c | 9 ++++++---
|
|
|
b6b438 |
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
b6b438 |
|
|
|
b6b438 |
diff --git a/libcli/auth/session.c b/libcli/auth/session.c
|
|
|
b6b438 |
index 4af70d361af..43ce9d54fdc 100644
|
|
|
b6b438 |
--- a/libcli/auth/session.c
|
|
|
b6b438 |
+++ b/libcli/auth/session.c
|
|
|
b6b438 |
@@ -34,13 +34,16 @@ int sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *sessio
|
|
|
b6b438 |
{
|
|
|
b6b438 |
int i, k, rc;
|
|
|
b6b438 |
|
|
|
b6b438 |
+ if (in->length % 8 != 0) {
|
|
|
b6b438 |
+ return GNUTLS_E_INVALID_REQUEST;
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
+
|
|
|
b6b438 |
for (i=0,k=0;
|
|
|
b6b438 |
i<in->length;
|
|
|
b6b438 |
i += 8, k += 7) {
|
|
|
b6b438 |
uint8_t bin[8], bout[8], key[7];
|
|
|
b6b438 |
|
|
|
b6b438 |
- memset(bin, 0, 8);
|
|
|
b6b438 |
- memcpy(bin, &in->data[i], MIN(8, in->length-i));
|
|
|
b6b438 |
+ memcpy(bin, &in->data[i], 8);
|
|
|
b6b438 |
|
|
|
b6b438 |
if (k + 7 > session_key->length) {
|
|
|
b6b438 |
k = (session_key->length - k);
|
|
|
b6b438 |
@@ -52,7 +55,7 @@ int sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *sessio
|
|
|
b6b438 |
return rc;
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
- memcpy(&out->data[i], bout, MIN(8, in->length-i));
|
|
|
b6b438 |
+ memcpy(&out->data[i], bout, 8);
|
|
|
b6b438 |
}
|
|
|
b6b438 |
return 0;
|
|
|
b6b438 |
}
|
|
|
b6b438 |
--
|
|
|
b6b438 |
2.23.0
|
|
|
b6b438 |
|