CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_stat...
authorStefan Metzmacher <metze@samba.org>
Tue, 1 Dec 2015 14:06:09 +0000 (15:06 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:22 +0000 (19:25 +0200)
commit1668367d91f79d0862b195cb899d73ff67ca88dd
tree95855bfca9cdd373aa5be0f8527b7a7da70c2264
parentdc6e28d69a7fcc299c08e4368d8f137e6b59ed3a
CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2

ntlmssp_handle_neg_flags() can only disable flags, but not
set them. All supported flags are set at start time.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: G√ľnther Deschner <gd@samba.org>
auth/ntlmssp/gensec_ntlmssp_server.c
auth/ntlmssp/ntlmssp_client.c
auth/ntlmssp/ntlmssp_util.c