CVE-2020-1472(ZeroLogon): rpc_server/netlogon: Fix confounder check

[samba.git] / source4 / rpc_server / netlogon / dcerpc_netlogon.c

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 0c5ed1f06650b23b4463de91596b33b0113d3b6c..ac8f2eab657adab271fff8de17564a7c4ae58a13 100644 (file)
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -909,7 +909,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
        confounder_len = 512 - new_password.length;
        enc_blob = data_blob_const(r->in.new_password->data, confounder_len);
        dec_blob = data_blob_const(password_buf.data, confounder_len);
-       if (data_blob_cmp(&dec_blob, &enc_blob) == 0) {
+       if (confounder_len > 0 && data_blob_cmp(&dec_blob, &enc_blob) == 0) {
                DBG_WARNING("Confounder buffer not encrypted Length[%zu]\n",
                            confounder_len);
                return NT_STATUS_WRONG_PASSWORD;