diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2019-11-14 11:16:09 +1300 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2019-11-14 09:25:36 +0000 |
| commit | 0361a26e395723296899c3d48cff86d532372710 (patch) | |
| tree | 3ce2e38d9e4e73dbf5af7584a230e41e7b290fb3 | |
| parent | 32e75bb4cca994af80bb8440009446e4a0ff5d40 (diff) | |
| download | samba-0361a26e395723296899c3d48cff86d532372710.tar.gz | |
libcli:auth Check return code of netlogon_creds_aes_encrypt()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 14 09:25:36 UTC 2019 on sn-devel-184
| -rw-r--r-- | libcli/auth/credentials.c | 8 | ||||
| -rw-r--r-- | libcli/auth/netlogon_creds_cli.c | 20 |
2 files changed, 21 insertions, 7 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index c78f2012bf2..f1088a1d8e0 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -37,10 +37,16 @@ static NTSTATUS netlogon_creds_step_crypt(struct netlogon_creds_CredentialState const struct netr_Credential *in, struct netr_Credential *out) { + NTSTATUS status; if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { memcpy(out->data, in->data, sizeof(out->data)); - netlogon_creds_aes_encrypt(creds, out->data, sizeof(out->data)); + status = netlogon_creds_aes_encrypt(creds, + out->data, + sizeof(out->data)); + if (!NT_STATUS_IS_OK(status)) { + return status; + } } else { des_crypt112(out->data, in->data, creds->session_key, 1); } diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c index aac2d454e0f..6f043d774cd 100644 --- a/libcli/auth/netlogon_creds_cli.c +++ b/libcli/auth/netlogon_creds_cli.c @@ -1995,9 +1995,13 @@ static void netlogon_creds_cli_ServerPasswordSet_locked(struct tevent_req *subre if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_PASSWORD_SET2) { if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { - netlogon_creds_aes_encrypt(&state->tmp_creds, - state->samr_crypt_password.data, - 516); + status = netlogon_creds_aes_encrypt(&state->tmp_creds, + state->samr_crypt_password.data, + 516); + if (tevent_req_nterror(req, status)) { + netlogon_creds_cli_ServerPasswordSet_cleanup(req, status); + return; + } } else { status = netlogon_creds_arcfour_crypt(&state->tmp_creds, state->samr_crypt_password.data, @@ -3707,9 +3711,13 @@ static void netlogon_creds_cli_SendToSam_locked(struct tevent_req *subreq) ZERO_STRUCT(state->rep_auth); if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { - netlogon_creds_aes_encrypt(&state->tmp_creds, - state->opaque.data, - state->opaque.length); + status = netlogon_creds_aes_encrypt(&state->tmp_creds, + state->opaque.data, + state->opaque.length); + if (tevent_req_nterror(req, status)) { + netlogon_creds_cli_SendToSam_cleanup(req, status); + return; + } } else { status = netlogon_creds_arcfour_crypt(&state->tmp_creds, state->opaque.data, |