diff options
| author | Richard Sharpe <rsharpe@samba.org> | 2015-08-24 20:26:42 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2015-08-25 21:45:18 +0200 |
| commit | dba9e631bd1e1c7e00430b72f0c60b32ee4eeb33 (patch) | |
| tree | caa5e773d49f78dd7d7c23e3328714539b64c5e5 /auth/ntlmssp/ntlmssp_client.c | |
| parent | 4e178ed498c594ffcd5592d0b792d47b064b9586 (diff) | |
| download | samba-dba9e631bd1e1c7e00430b72f0c60b32ee4eeb33.tar.gz | |
Prevent a crash in Python modules that try to authenticate by ensuring we reject cases where credendials fields are not intialized.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 25 21:45:18 CEST 2015 on sn-devel-104
Diffstat (limited to 'auth/ntlmssp/ntlmssp_client.c')
| -rw-r--r-- | auth/ntlmssp/ntlmssp_client.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c index d8531e4c2e9..b22619b23a5 100644 --- a/auth/ntlmssp/ntlmssp_client.c +++ b/auth/ntlmssp/ntlmssp_client.c @@ -147,7 +147,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, DATA_BLOB encrypted_session_key = data_blob(NULL, 0); NTSTATUS nt_status; int flags = 0; - const char *user, *domain; + const char *user = NULL, *domain = NULL, *workstation = NULL; TALLOC_CTX *mem_ctx = talloc_new(out_mem_ctx); if (!mem_ctx) { @@ -256,6 +256,23 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, cli_credentials_get_ntlm_username_domain(gensec_security->credentials, mem_ctx, &user, &domain); + workstation = cli_credentials_get_workstation(gensec_security->credentials); + + if (user == NULL) { + DEBUG(10, ("User is NULL, returning INVALID_PARAMETER\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + if (domain == NULL) { + DEBUG(10, ("Domain is NULL, returning INVALID_PARAMETER\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + if (workstation == NULL) { + DEBUG(10, ("Workstation is NULL, returning INVALID_PARAMETER\n")); + return NT_STATUS_INVALID_PARAMETER; + } + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { flags |= CLI_CRED_NTLM2; } @@ -337,7 +354,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, nt_response.data, nt_response.length, domain, user, - cli_credentials_get_workstation(gensec_security->credentials), + workstation, encrypted_session_key.data, encrypted_session_key.length, ntlmssp_state->neg_flags); if (!NT_STATUS_IS_OK(nt_status)) { |