CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get...
authorStefan Metzmacher <metze@samba.org>
Tue, 24 Nov 2015 20:24:47 +0000 (21:24 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:23 +0000 (19:25 +0200)
commit8a647ae1e1c355f48b0d2a5a6c8bb0105e3d2318
treeca971981fc4ede9e18e113d8892a57e142fb090d
parent8cd1a2a118b544af7d08a3b79cdbd09384d86af3
CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()

If we clear CLI_CRED_LANMAN_AUTH and we should also clear the lm_response buffer
and don't send it over the net.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: G√ľnther Deschner <gd@samba.org>
auth/credentials/credentials_ntlm.c