From 0d2898429e7eb2ca144885d5a1f9485cca620464 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 8 Jul 2019 18:21:18 +0200 Subject: [PATCH 028/187] libcli:auth: Use samba_gnutls_arcfour_confounded_md5() in decode_wkssvc_join_password_buffer() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit bcf7808d3aa8a5932a40955e4b764f55061e07d7) --- libcli/auth/smbencrypt.c | 71 ++++++++++++++-------------------------- 1 file changed, 24 insertions(+), 47 deletions(-) diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c index 823e16a3387..cc5e1fbb899 100644 --- a/libcli/auth/smbencrypt.c +++ b/libcli/auth/smbencrypt.c @@ -1011,70 +1011,47 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, DATA_BLOB *session_key, char **pwd) { - gnutls_hash_hd_t hash_hnd = NULL; - uint8_t buffer[516]; - size_t pwd_len; - WERROR result; + uint8_t _confounder[8]; + DATA_BLOB confounder = data_blob_const(_confounder, 8); + uint8_t pwbuf[516] = {0}; + DATA_BLOB decrypt_pwbuf = data_blob_const(pwbuf, 516); bool ok; int rc; - DATA_BLOB confounded_session_key; - - int confounder_len = 8; - uint8_t confounder[8]; - - *pwd = NULL; - - if (!pwd_buf) { + if (pwd_buf == NULL) { return WERR_INVALID_PASSWORD; } + *pwd = NULL; + if (session_key->length != 16) { DEBUG(10,("invalid session key\n")); return WERR_INVALID_PASSWORD; } - confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); + confounder = data_blob_const(&pwd_buf->data[0], 8); + memcpy(&pwbuf, &pwd_buf->data[8], 516); - memcpy(&confounder, &pwd_buf->data[0], confounder_len); - memcpy(&buffer, &pwd_buf->data[8], 516); - - rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); - if (rc < 0) { - result = gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED); - goto out; - } - - rc = gnutls_hash(hash_hnd, session_key->data, session_key->length); - if (rc < 0) { - gnutls_hash_deinit(hash_hnd, NULL); - result = gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED); - goto out; - } - rc = gnutls_hash(hash_hnd, confounder, confounder_len); + rc = samba_gnutls_arcfour_confounded_md5(session_key, + &confounder, + &decrypt_pwbuf, + SAMBA_GNUTLS_ENCRYPT); if (rc < 0) { - gnutls_hash_deinit(hash_hnd, NULL); - result = gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED); - goto out; + ZERO_ARRAY(_confounder); + TALLOC_FREE(pwd_buf); + return gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED); } - gnutls_hash_deinit(hash_hnd, confounded_session_key.data); - arcfour_crypt_blob(buffer, 516, &confounded_session_key); - - ok = decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, CH_UTF16); - - ZERO_ARRAY(confounder); - ZERO_ARRAY(buffer); - - data_blob_clear_free(&confounded_session_key); + ok = decode_pw_buffer(mem_ctx, + decrypt_pwbuf.data, + pwd, + &decrypt_pwbuf.length, + CH_UTF16); + ZERO_ARRAY(pwbuf); if (!ok) { - result = WERR_INVALID_PASSWORD; - goto out; + return WERR_INVALID_PASSWORD; } - result = WERR_OK; -out: - return result; + return WERR_OK; } - -- 2.23.0