author | Andreas Schneider <asn@samba.org> | 2019-11-13 12:45:04 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-11-14 08:01:43 +0000 |
commit | 0914824684b3a69a9926402d447e1d5781f2ec02 (patch) | |
tree | 542dc14a5ceac5b1fb30cc637241d9d443c37c54 | |
parent | 045b9eb3f088c66e20bd19e144a2ce3597328d93 (diff) | |
libcli:auth: Check return codes of SMBsesskeygen_ntv2()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | libcli/auth/ntlm_check.c | 17 | ||||
-rw-r--r-- | libcli/auth/smbencrypt.c | 15 |
2 files changed, 28 insertions, 4 deletions
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 3844abde528..ba0051d7aea 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -142,8 +142,15 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
 data_blob_clear_free(&client_key_data);
 if (memcmp(value_from_encryption, ntv2_response->data, 16) == 0) {
 if (user_sess_key != NULL) {
+ NTSTATUS status;
 *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
- SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key->data);
+
+ status = SMBsesskeygen_ntv2(kr,
+ value_from_encryption,
+ user_sess_key->data);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
 }
 return true;
 }
@@ -166,6 +173,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 uint8_t kr[16];
 uint8_t value_from_encryption[16];
 DATA_BLOB client_key_data;
+ NTSTATUS status;
 if (part_passwd == NULL) {
 DEBUG(10,("No password set - DISALLOWING access\n"));
@@ -196,7 +204,12 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption);
 *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
- SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key->data);
+ status = SMBsesskeygen_ntv2(kr,
+ value_from_encryption,
+ user_sess_key->data);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
 return true;
 }
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 904d2c38219..1412274dd21 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -551,6 +551,7 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
 DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key)
 {
 uint8_t ntlm_v2_hash[16];
+ NTSTATUS status;
 /* We don't use the NT# directly. Instead we use it mashed up with the username and domain.
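Review bot: In the smb_pwd_check_ntlmv2 hunk (-142) the result of `data_blob_talloc()` is still handed to SMBsesskeygen_ntv2() without a NULL check, and the new `return false;` leaves `*user_sess_key` allocated, so on a derivation failure the caller gets a failed result together with a 16-byte blob that is not a valid session key. I would add `if (user_sess_key->data == NULL) { return false; }` before the call and `data_blob_clear_free(user_sess_key);` ahead of the new `return false;`. The same allocate-then-derive sequence is visible in the smb_sess_key_ntlmv2 hunk at -196. In SMBNTLMv2encrypt_hash (-580, -599) the output blobs are allocated outside the visible hunks, so the equivalent cleanup there needs confirming against the full function. The body of smb_pwd_check_ntlmv2 starts and ends outside this hunk.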
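Review bot: The new failure return in the smb_sess_key_ntlmv2 hunk (-196) is silent, so an internal key-derivation error reaches the caller looking exactly like the "No password set" or mismatch cases, and nothing in the log lets an operator tell a crypto failure from a bad credential. The function already logs its other refusal through `DEBUG(10, ...)` in the -166 hunk, so I would log the status before returning: `DEBUG(1, ("SMBsesskeygen_ntv2() failed: %s\n", nt_errstr(status)));`. The other new `return false;` sites in this commit (-142 in this file, -580 and -599 in smbencrypt.c) would benefit from the same line.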
@@ -580,7 +581,12 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
 /* The NTLMv2 calculations also provide a session key, for signing etc later */
 /* use only the first 16 bytes of nt_response for session key */
- SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, user_session_key->data);
+ status = SMBsesskeygen_ntv2(ntlm_v2_hash,
+ nt_response->data,
+ user_session_key->data);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
 }
 }
@@ -599,7 +605,12 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
 /* The NTLMv2 calculations also provide a session key, for signing etc later */
 /* use only the first 16 bytes of lm_response for session key */
- SMBsesskeygen_ntv2(ntlm_v2_hash, lm_response->data, lm_session_key->data);
+ status = SMBsesskeygen_ntv2(ntlm_v2_hash,
+ lm_response->data,
+ lm_session_key->data);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
 }
 } |
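Review bot: The early `return false;` added in this SMBNTLMv2encrypt_hash hunk (-580), and the matching one at -599, exit with the stack buffer `ntlm_v2_hash[16]` (declared in the -551 hunk) still holding the NTLMv2 hash. That value is password-derived key material, so I would wipe it on the error path with `ZERO_ARRAY(ntlm_v2_hash);` before each `return false;`, or route both failures through a single cleanup label. The rest of the function lies outside these hunks, so whether the success path already clears the buffer could not be checked. `kr` and `value_from_encryption` in the ntlm_check.c hunks are in the same position.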