diff options
author | Matthieu Patou <mat@matws.net> | 2012-01-21 21:34:06 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2012-01-23 21:30:46 +0100 |
commit | 798461a598609346e90376120c8d5c38f27f1a11 (patch) | |
tree | 9ea506222a84a6fd139b21ae0e2f0d0c635e585f | |
parent | 9bea09193bf86b73bccc9c8b0bde6a19d1ac59be (diff) | |
download | samba-798461a598609346e90376120c8d5c38f27f1a11.tar.gz |
[PATCH] s3: improve the code in the AES encryption.
Remove looping replace them by memcpy.
Fix bug #8674 (Buffer overflow in vfs_smb_traffic_analyzer).
.
(cherry picked from commit 0971582873f90bb592355fb53171d09a8ff3012e)
-rw-r--r-- | source3/modules/vfs_smb_traffic_analyzer.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 5c91e3cf4da..5eb217178f3 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -168,27 +168,27 @@ struct refcounted_sock { static char *smb_traffic_analyzer_encrypt( TALLOC_CTX *ctx, const char *akey, const char *str, size_t *len) { - int s1,s2,h,d; + int s1,s2,h; AES_KEY key; unsigned char filler[17]= "................"; char *output; - unsigned char crypted[18]; if (akey == NULL) return NULL; samba_AES_set_encrypt_key((unsigned char *) akey, 128, &key); s1 = strlen(str) / 16; s2 = strlen(str) % 16; - for (h = 0; h < s2; h++) *(filler+h)=*(str+(s1*16)+h); + memcpy(filler, str + (s1*16), s2); DEBUG(10, ("smb_traffic_analyzer_send_data_socket: created %s" " as filling block.\n", filler)); - output = talloc_array(ctx, char, (s1*16)+17 ); - d=0; + + *len = ((s1 + 1)*16); + output = talloc_array(ctx, char, *len); for (h = 0; h < s1; h++) { - samba_AES_encrypt((unsigned char *) str+(16*h), crypted, &key); - for (d = 0; d<16; d++) output[d+(16*h)]=crypted[d]; + samba_AES_encrypt((unsigned char *) str+(16*h), output+16*h, +&key); } samba_AES_encrypt(filler, (unsigned char *)(output+(16*h)), &key); *len = (s1*16)+16; - return output; + return output; } /** |