libcli:auth: Check return code of SMBOWFencrypt_ntv2()
authorAndreas Schneider <asn@samba.org>
Wed, 13 Nov 2019 11:52:44 +0000 (12:52 +0100)
committerAndreas Schneider <asn@cryptomilk.org>
Thu, 14 Nov 2019 08:01:43 +0000 (08:01 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/auth/ntlm_check.c
libcli/auth/smbencrypt.c

index ba0051d7aea73af49a0e0c8bc0b858c9c2ead573..5058add38113e463453819d24f2b795e12760172 100644 (file)
@@ -93,6 +93,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
        uint8_t kr[16];
        uint8_t value_from_encryption[16];
        DATA_BLOB client_key_data;
+       NTSTATUS status;
 
        if (part_passwd == NULL) {
                DEBUG(10,("No password set - DISALLOWING access\n"));
@@ -125,7 +126,13 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
                return false;
        }
 
-       SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption);
+       status = SMBOWFencrypt_ntv2(kr,
+                                   sec_blob,
+                                   &client_key_data,
+                                   value_from_encryption);
+       if (!NT_STATUS_IS_OK(status)) {
+               return false;
+       }
 
 #if DEBUG_PASSWORD
        DEBUG(100,("Part password (P16) was |\n"));
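Review bot: The new `return false` after a failed SMBOWFencrypt_ntv2() call bypasses the `data_blob_clear_free(&client_key_data)` that the success path runs (visible in the next hunk). The blob, presumably allocated earlier in the function outside this hunk, then stays on `mem_ctx` uncleared until the caller frees that context. The branch is also silent, so a crypto-backend failure looks the same as a wrong password in the logs. I would write the body as `DEBUG(1, ("SMBOWFencrypt_ntv2 failed: %s\n", nt_errstr(status)));`, `data_blob_clear_free(&client_key_data);`, `return false;`. The identical check added to smb_sess_key_ntlmv2 in the later hunk has the same two gaps; both functions start and end outside their hunks.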
@@ -142,7 +149,6 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
        data_blob_clear_free(&client_key_data);
        if (memcmp(value_from_encryption, ntv2_response->data, 16) == 0) { 
                if (user_sess_key != NULL) {
-                       NTSTATUS status;
                        *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
 
                        status = SMBsesskeygen_ntv2(kr,
@@ -202,7 +208,13 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
                return false;
        }
 
-       SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption);
+       status = SMBOWFencrypt_ntv2(kr,
+                                   sec_blob,
+                                   &client_key_data,
+                                   value_from_encryption);
+       if (!NT_STATUS_IS_OK(status)) {
+               return false;
+       }
        *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
        status = SMBsesskeygen_ntv2(kr,
                                    value_from_encryption,
index e7ed0630cdc5d7f9c9adc5684bcc7c70fad84d88..e33d29de19d2d3da7db58e03e6aeaff0ac086845 100644 (file)
@@ -493,6 +493,7 @@ static DATA_BLOB NTLMv2_generate_response(TALLOC_CTX *out_mem_ctx,
        uint8_t ntlmv2_response[16];
        DATA_BLOB ntlmv2_client_data;
        DATA_BLOB final_response;
+       NTSTATUS status;
 
        TALLOC_CTX *mem_ctx = talloc_named(out_mem_ctx, 0,
                                           "NTLMv2_generate_response internal context");
@@ -507,7 +508,14 @@ static DATA_BLOB NTLMv2_generate_response(TALLOC_CTX *out_mem_ctx,
        ntlmv2_client_data = NTLMv2_generate_client_data(mem_ctx, nttime, names_blob);
 
        /* Given that data, and the challenge from the server, generate a response */
-       SMBOWFencrypt_ntv2(ntlm_v2_hash, server_chal, &ntlmv2_client_data, ntlmv2_response);
+       status = SMBOWFencrypt_ntv2(ntlm_v2_hash,
+                                   server_chal,
+                                   &ntlmv2_client_data,
+                                   ntlmv2_response);
+       if (!NT_STATUS_IS_OK(status)) {
+               talloc_free(mem_ctx);
+               return data_blob(NULL, 0);
+       }
 
        final_response = data_blob_talloc(out_mem_ctx, NULL, sizeof(ntlmv2_response) + ntlmv2_client_data.length);
 
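Review bot: The error branch returns `data_blob(NULL, 0)`, which gives NTLMv2_generate_response a failure result it did not have before, and nothing in the hunk documents it. Callers are outside this view, so whether they test the returned blob before reading `.data` or `.length` needs to be confirmed; an unchecked caller would pass a NULL pointer into later key derivation. A comment on the branch such as `/* empty blob signals failure; callers must check .data */` would record the contract. The function starts before and continues past this hunk.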
@@ -528,13 +536,21 @@ static DATA_BLOB LMv2_generate_response(TALLOC_CTX *mem_ctx,
        uint8_t lmv2_response[16];
        DATA_BLOB lmv2_client_data = data_blob_talloc(mem_ctx, NULL, 8);
        DATA_BLOB final_response = data_blob_talloc(mem_ctx, NULL,24);
+       NTSTATUS status;
 
        /* LMv2 */
        /* client-supplied random data */
        generate_random_buffer(lmv2_client_data.data, lmv2_client_data.length);
 
        /* Given that data, and the challenge from the server, generate a response */
-       SMBOWFencrypt_ntv2(ntlm_v2_hash, server_chal, &lmv2_client_data, lmv2_response);
+       status = SMBOWFencrypt_ntv2(ntlm_v2_hash,
+                                   server_chal,
+                                   &lmv2_client_data,
+                                   lmv2_response);
+       if (!NT_STATUS_IS_OK(status)) {
+               data_blob_free(&lmv2_client_data);
+               return data_blob(NULL, 0);
+       }
        memcpy(final_response.data, lmv2_response, sizeof(lmv2_response));
 
        /* after the first 16 bytes is the random data we generated above,
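Review bot: The failure branch frees `lmv2_client_data` but not `final_response`, which was already allocated on the caller's `mem_ctx` in the declarations at the top of the function, so those 24 bytes stay attached to the context until it is freed. Add `data_blob_free(&final_response);` before `return data_blob(NULL, 0);`. Neither `data_blob_talloc()` result is checked for NULL before `generate_random_buffer()` and `memcpy()` write through `.data`; that predates this commit but sits on the same path. The function body continues past the end of the hunk.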