CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN

It's important to check if got the GENSEC_FEATURE_SIGN and if the caller wanted it. The caller may only asked for GENSEC_FEATURE_SESSION_KEY which implicitly negotiates NTLMSSP_NEGOTIATE_SIGN, which might indicate GENSEC_FEATURE_SIGN to the SPNEGO glue code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2013-12-16 11:27:27 +0100
committer: Stefan Metzmacher <metze@samba.org> 2016-04-12 19:25:23 +0200
commit: fa8c65626e33be66c707931f7a4fc1e2798823a4 (patch)
tree: 0ca79862a7a94dee488fedcf4821986863aac575 /auth/ntlmssp/ntlmssp_server.c
parent: 1e3bd3e6ac9d5bc97d6361d89abd7990bcaf91b8 (diff)
download: samba-fa8c65626e33be66c707931f7a4fc1e2798823a4.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 513d4a6e456..7013df78329 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -598,7 +598,7 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
 		talloc_steal(ntlmssp_state, session_key.data);
 	}
 
-	if (ntlmssp_state->session_key.length) {
+	if (gensec_ntlmssp_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 		nt_status = ntlmssp_sign_init(ntlmssp_state);
 	}
author	Stefan Metzmacher <metze@samba.org>	2013-12-16 11:27:27 +0100
committer	Stefan Metzmacher <metze@samba.org>	2016-04-12 19:25:23 +0200
commit	fa8c65626e33be66c707931f7a4fc1e2798823a4 (patch)
tree	0ca79862a7a94dee488fedcf4821986863aac575 /auth/ntlmssp/ntlmssp_server.c
parent	1e3bd3e6ac9d5bc97d6361d89abd7990bcaf91b8 (diff)
download	samba-fa8c65626e33be66c707931f7a4fc1e2798823a4.tar.gz