From 6125794925d054da191cf6c21a76ceb904848710 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 29 May 2019 14:57:52 +0200
Subject: [PATCH 010/187] libcli:auth: Return NTSTATUS for
 encode_or_decode_arc4_passwd_buffer()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 57dd415ba49b9621deddf604a5bf148c10ebc37e)
---
 libcli/auth/proto.h                   |  3 ++-
 libcli/auth/smbencrypt.c              | 10 ++++++++--
 source3/rpc_server/samr/srv_samr_nt.c | 10 ++++++++--
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index afd7f0d148d..651f1139cf5 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -184,7 +184,8 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
 /***********************************************************
  Decode an arc4 encrypted password change buffer.
 ************************************************************/
-void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key);
+NTSTATUS encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532],
+					     const DATA_BLOB *psession_key);
 
 /***********************************************************
  encode a password buffer with an already unicode password.  The
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index a74ccf09b02..ae97f3cc93e 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -843,27 +843,32 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
  Decode an arc4 encrypted password change buffer.
 ************************************************************/
 
-void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key)
+NTSTATUS encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532],
+					     const DATA_BLOB *psession_key)
 {
 	gnutls_hash_hd_t hash_hnd = NULL;
 	unsigned char key_out[16];
+	NTSTATUS status;
 	int rc;
 
 	/* Confounder is last 16 bytes. */
 
 	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
 	if (rc < 0) {
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
 		goto out;
 	}
 
 	rc = gnutls_hash(hash_hnd, &pw_buf[516], 16);
 	if (rc < 0) {
 		gnutls_hash_deinit(hash_hnd, NULL);
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
 		goto out;
 	}
 	rc = gnutls_hash(hash_hnd, psession_key->data, psession_key->length);
 	if (rc < 0) {
 		gnutls_hash_deinit(hash_hnd, NULL);
+		status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
 		goto out;
 	}
 	gnutls_hash_deinit(hash_hnd, key_out);
@@ -873,8 +878,9 @@ void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_B
 
 	ZERO_ARRAY(key_out);
 
+	status = NT_STATUS_OK;
 out:
-	return;
+	return status;
 }
 
 /***********************************************************
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 124d6d38cd7..c2be8bfc19a 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -5185,9 +5185,12 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 			if(!NT_STATUS_IS_OK(status)) {
 				break;
 			}
-			encode_or_decode_arc4_passwd_buffer(
+			status = encode_or_decode_arc4_passwd_buffer(
 				info->info25.password.data,
 				&session_key);
+			if (!NT_STATUS_IS_OK(status)) {
+				break;
+			}
 
 			dump_data(100, info->info25.password.data, 532);
 
@@ -5201,9 +5204,12 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 			if(!NT_STATUS_IS_OK(status)) {
 				break;
 			}
-			encode_or_decode_arc4_passwd_buffer(
+			status = encode_or_decode_arc4_passwd_buffer(
 				info->info26.password.data,
 				&session_key);
+			if (!NT_STATUS_IS_OK(status)) {
+				break;
+			}
 
 			dump_data(100, info->info26.password.data, 516);
 
-- 
2.23.0