CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
authorStefan Metzmacher <metze@samba.org>
Tue, 17 Dec 2013 10:49:31 +0000 (11:49 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:23 +0000 (19:25 +0200)
commit8cd1a2a118b544af7d08a3b79cdbd09384d86af3
tree97968a65b419a85063d5d517ce94d3fe76a4a5ea
parentfa8c65626e33be66c707931f7a4fc1e2798823a4
CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()

[MS-SPNG] requires the NTLMSSP RC4 states to be reset after
the SPNEGO exchange with mechListMic verification (new_spnego).

The 'reset_full' parameter is needed to support the broken
behavior that windows only resets the RC4 states but not the
sequence numbers. Which means this functionality is completely
useless... But we want to work against all windows versions...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: G√ľnther Deschner <gd@samba.org>
auth/ntlmssp/ntlmssp.c
auth/ntlmssp/ntlmssp.h
auth/ntlmssp/ntlmssp_sign.c