diff options
| author | Stefan Metzmacher <metze@samba.org> | 2020-09-16 16:15:26 +0200 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2020-09-18 12:58:23 +0200 |
| commit | 1665085bb3a3050a6a51af8082dccde61a08ec57 (patch) | |
| tree | 4d1fd406b71ef8a500ffde1f63e600302758a3b3 | |
| parent | 36824951f3a5fb082c98051df6439402c13fac2a (diff) | |
| download | samba-1665085bb3a3050a6a51af8082dccde61a08ec57.tar.gz | |
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values
This is the check Windows is using, so we won't generate challenges,
which are rejected by Windows DCs (and future Samba DCs).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
| -rw-r--r-- | libcli/auth/credentials.c | 23 | ||||
| -rw-r--r-- | libcli/auth/proto.h | 1 |
2 files changed, 23 insertions, 1 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index dbbef9e7a3c..64b424c099f 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -27,10 +27,31 @@ #include "../libcli/security/dom_sid.h" +bool netlogon_creds_is_random_challenge(const struct netr_Credential *challenge) +{ + /* + * If none of the first 5 bytes of the client challenge is unique, the + * server MUST fail session-key negotiation without further processing + * of the following steps. + */ + + if (challenge->data[1] == challenge->data[0] && + challenge->data[2] == challenge->data[0] && + challenge->data[3] == challenge->data[0] && + challenge->data[4] == challenge->data[0]) + { + return false; + } + + return true; +} + void netlogon_creds_random_challenge(struct netr_Credential *challenge) { ZERO_STRUCTP(challenge); - generate_random_buffer(challenge->data, sizeof(challenge->data)); + while (!netlogon_creds_is_random_challenge(challenge)) { + generate_random_buffer(challenge->data, sizeof(challenge->data)); + } } static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds, diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index 82797d453ed..ad768682b9f 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -11,6 +11,7 @@ /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */ +bool netlogon_creds_is_random_challenge(const struct netr_Credential *challenge); void netlogon_creds_random_challenge(struct netr_Credential *challenge); void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key); |