From 001735a804914de936699e95fce898a593ba24ec Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 17 Dec 2013 12:42:06 +0100
Subject: CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of
 uint8_t
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---
 libcli/auth/spnego.h       | 2 +-
 libcli/auth/spnego_parse.c | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

(limited to 'libcli')

diff --git a/libcli/auth/spnego.h b/libcli/auth/spnego.h
index 539b90336f0..73196e61387 100644
--- a/libcli/auth/spnego.h
+++ b/libcli/auth/spnego.h
@@ -58,7 +58,7 @@ struct spnego_negTokenInit {
 };
 
 struct spnego_negTokenTarg {
-	uint8_t negResult;
+	enum spnego_negResult negResult;
 	const char *supportedMech;
 	DATA_BLOB responseToken;
 	DATA_BLOB mechListMIC;
diff --git a/libcli/auth/spnego_parse.c b/libcli/auth/spnego_parse.c
index a608dce72a3..f538b44552c 100644
--- a/libcli/auth/spnego_parse.c
+++ b/libcli/auth/spnego_parse.c
@@ -202,7 +202,9 @@ static bool read_negTokenTarg(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
 
 	while (asn1_tag_remaining(asn1) > 0) {
 		uint8_t context;
+		uint8_t neg_result;
 		char *oid;
+
 		if (!asn1_peek_uint8(asn1, &context)) {
 			asn1_set_error(asn1);
 			break;
@@ -212,7 +214,8 @@ static bool read_negTokenTarg(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
 		case ASN1_CONTEXT(0):
 			if (!asn1_start_tag(asn1, ASN1_CONTEXT(0))) return false;
 			if (!asn1_start_tag(asn1, ASN1_ENUMERATED)) return false;
-			if (!asn1_read_uint8(asn1, &token->negResult)) return false;
+			if (!asn1_read_uint8(asn1, &neg_result)) return false;
+			token->negResult = neg_result;
 			if (!asn1_end_tag(asn1)) return false;
 			if (!asn1_end_tag(asn1)) return false;
 			break;
-- 
cgit v1.2.1