CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/libcli/auth/spnego.h b/libcli/auth/spnego.h
index 539b90336f0b3a2997bbf6ad5ec551153a1b4e2c..73196e61387ba5d74c5288f9429b9806d5c02d94 100644 (file)
--- a/libcli/auth/spnego.h
+++ b/libcli/auth/spnego.h
@@ -58,7 +58,7 @@ struct spnego_negTokenInit {
 };
 
 struct spnego_negTokenTarg {
-       uint8_t negResult;
+       enum spnego_negResult negResult;
        const char *supportedMech;
        DATA_BLOB responseToken;
        DATA_BLOB mechListMIC;

diff --git a/libcli/auth/spnego_parse.c b/libcli/auth/spnego_parse.c
index a608dce72a3e45ffc7390522aef54a9634dee10d..f538b44552cbc81f4be59cfd1c43fa60d5ad4731 100644 (file)
--- a/libcli/auth/spnego_parse.c
+++ b/libcli/auth/spnego_parse.c
@@ -202,7 +202,9 @@ static bool read_negTokenTarg(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
 
        while (asn1_tag_remaining(asn1) > 0) {
                uint8_t context;
+               uint8_t neg_result;
                char *oid;
+
                if (!asn1_peek_uint8(asn1, &context)) {
                        asn1_set_error(asn1);
                        break;
@@ -212,7 +214,8 @@ static bool read_negTokenTarg(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
                case ASN1_CONTEXT(0):
                        if (!asn1_start_tag(asn1, ASN1_CONTEXT(0))) return false;
                        if (!asn1_start_tag(asn1, ASN1_ENUMERATED)) return false;
-                       if (!asn1_read_uint8(asn1, &token->negResult)) return false;
+                       if (!asn1_read_uint8(asn1, &neg_result)) return false;
+                       token->negResult = neg_result;
                        if (!asn1_end_tag(asn1)) return false;
                        if (!asn1_end_tag(asn1)) return false;
                        break;