From 042dc64f099a2aa2dd44ba9a00c29e05eed0848b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 13 Nov 2019 12:45:04 +0100
Subject: [PATCH 140/187] libcli:auth: Check return codes of
 SMBsesskeygen_ntv2()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 0914824684b3a69a9926402d447e1d5781f2ec02)
---
 libcli/auth/ntlm_check.c | 17 +++++++++++++++--
 libcli/auth/smbencrypt.c | 15 +++++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 3844abde528..ba0051d7aea 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -142,8 +142,15 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
 	data_blob_clear_free(&client_key_data);
 	if (memcmp(value_from_encryption, ntv2_response->data, 16) == 0) { 
 		if (user_sess_key != NULL) {
+			NTSTATUS status;
 			*user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
-			SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key->data);
+
+			status = SMBsesskeygen_ntv2(kr,
+						    value_from_encryption,
+						    user_sess_key->data);
+			if (!NT_STATUS_IS_OK(status)) {
+				return false;
+			}
 		}
 		return true;
 	}
@@ -166,6 +173,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 	uint8_t kr[16];
 	uint8_t value_from_encryption[16];
 	DATA_BLOB client_key_data;
+	NTSTATUS status;
 
 	if (part_passwd == NULL) {
 		DEBUG(10,("No password set - DISALLOWING access\n"));
@@ -196,7 +204,12 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 
 	SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption);
 	*user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
-	SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key->data);
+	status = SMBsesskeygen_ntv2(kr,
+				    value_from_encryption,
+				    user_sess_key->data);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
 	return true;
 }
 
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 904d2c38219..1412274dd21 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -551,6 +551,7 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
 			   DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key)
 {
 	uint8_t ntlm_v2_hash[16];
+	NTSTATUS status;
 
 	/* We don't use the NT# directly.  Instead we use it mashed up with
 	   the username and domain.
@@ -580,7 +581,12 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
 
 			/* The NTLMv2 calculations also provide a session key, for signing etc later */
 			/* use only the first 16 bytes of nt_response for session key */
-			SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, user_session_key->data);
+			status = SMBsesskeygen_ntv2(ntlm_v2_hash,
+						    nt_response->data,
+						    user_session_key->data);
+			if (!NT_STATUS_IS_OK(status)) {
+				return false;
+			}
 		}
 	}
 
@@ -599,7 +605,12 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
 
 			/* The NTLMv2 calculations also provide a session key, for signing etc later */
 			/* use only the first 16 bytes of lm_response for session key */
-			SMBsesskeygen_ntv2(ntlm_v2_hash, lm_response->data, lm_session_key->data);
+			status = SMBsesskeygen_ntv2(ntlm_v2_hash,
+						    lm_response->data,
+						    lm_session_key->data);
+			if (!NT_STATUS_IS_OK(status)) {
+				return false;
+			}
 		}
 	}
 
-- 
2.23.0