From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 30 Nov 2015 08:13:14 +0000 (+0100)
Subject: CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
X-Git-Tag: talloc-2.1.7~449
X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=8b76b05fe7aafe4b2bdc32d477bf2a20be71b6f3

CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl
index 15c700e82de..f041e32d548 100644
--- a/librpc/idl/ntlmssp.idl
+++ b/librpc/idl/ntlmssp.idl
@@ -244,9 +244,12 @@ interface ntlmssp
 		[default] NTLMv2_RESPONSE v2;
 	} ntlmssp_NTLM_RESPONSE;
 
+	const int NTLMSSP_MIC_OFFSET = 72;
+	const int NTLMSSP_MIC_SIZE = 16;
+
 	typedef [flag(NDR_PAHEX)] struct {
-		uint8 MIC[16];
-	} MIC;
+		uint8 MIC[NTLMSSP_MIC_SIZE];
+	} ntlmssp_MIC;
 
 	/* [MS-NLMP] 2.2.1.3 AUTHENTICATE_MESSAGE */
 
@@ -275,7 +278,7 @@ interface ntlmssp
 		[switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
 		/* MIC (Message Integrity) is only included when the client has
 		 * sent a timestap Av struct in the CHALLENGE_MESSAGE AvPair */
-		/* [flag(NDR_REMAINING)] MIC mic; */
+		/* [flag(NDR_REMAINING)] ntlmssp_MIC mic; */
 	} AUTHENTICATE_MESSAGE;
 
 	/* NTLMSSP signature version */