CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS

In future we can do a more fine granted negotiation and assert specific security features. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2015-12-01 08:46:45 +0100
committer: Stefan Metzmacher <metze@samba.org> 2016-04-12 19:25:22 +0200
commit: 61ec7f069d777e2688657b490c07ce7499bd7221 (patch)
tree: 8fd7bb9b358748d93fa9d7adf2bd4d19e4c1ace4 /auth/ntlmssp/ntlmssp_client.c
parent: e4bab3a8282d263eb2391bc7e8a6fd64ae068935 (diff)
download: samba-61ec7f069d777e2688657b490c07ce7499bd7221.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index fe9e5d46623..bf3b8c0dd5f 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -247,7 +247,11 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 	DEBUG(3, ("Got challenge flags:\n"));
 	debug_ntlmssp_flags(chal_flags);
 
-	ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags, ntlmssp_state->allow_lm_key);
+	nt_status = ntlmssp_handle_neg_flags(ntlmssp_state,
+					     chal_flags, "challenge");
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
 
 	if (ntlmssp_state->unicode) {
 		if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
author	Stefan Metzmacher <metze@samba.org>	2015-12-01 08:46:45 +0100
committer	Stefan Metzmacher <metze@samba.org>	2016-04-12 19:25:22 +0200
commit	61ec7f069d777e2688657b490c07ce7499bd7221 (patch)
tree	8fd7bb9b358748d93fa9d7adf2bd4d19e4c1ace4 /auth/ntlmssp/ntlmssp_client.c
parent	e4bab3a8282d263eb2391bc7e8a6fd64ae068935 (diff)
download	samba-61ec7f069d777e2688657b490c07ce7499bd7221.tar.gz