libcli:auth Check return code of netlogon_creds_aes_encrypt()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 14 09:25:36 UTC 2019 on sn-devel-184

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index c78f2012bf25136df508ade209501ae0abe6b878..f1088a1d8e001b5ad42b22f1753ded0893fb014b 100644 (file)
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -37,10 +37,16 @@ static NTSTATUS netlogon_creds_step_crypt(struct netlogon_creds_CredentialState
                                          const struct netr_Credential *in,
                                          struct netr_Credential *out)
 {
+       NTSTATUS status;
        if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
                memcpy(out->data, in->data, sizeof(out->data));
 
-               netlogon_creds_aes_encrypt(creds, out->data, sizeof(out->data));
+               status = netlogon_creds_aes_encrypt(creds,
+                                                   out->data,
+                                                   sizeof(out->data));
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
        } else {
                des_crypt112(out->data, in->data, creds->session_key, 1);
        }

diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index aac2d454e0fe1a6b7756100cf9754bccb9e44e6f..6f043d774cd172f0349d700147aaa368dba23a8a 100644 (file)
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -1995,9 +1995,13 @@ static void netlogon_creds_cli_ServerPasswordSet_locked(struct tevent_req *subre
        if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_PASSWORD_SET2) {
 
                if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-                       netlogon_creds_aes_encrypt(&state->tmp_creds,
-                                       state->samr_crypt_password.data,
-                                       516);
+                       status = netlogon_creds_aes_encrypt(&state->tmp_creds,
+                                                           state->samr_crypt_password.data,
+                                                           516);
+                       if (tevent_req_nterror(req, status)) {
+                               netlogon_creds_cli_ServerPasswordSet_cleanup(req, status);
+                               return;
+                       }
                } else {
                        status = netlogon_creds_arcfour_crypt(&state->tmp_creds,
                                                              state->samr_crypt_password.data,
@@ -3707,9 +3711,13 @@ static void netlogon_creds_cli_SendToSam_locked(struct tevent_req *subreq)
        ZERO_STRUCT(state->rep_auth);
 
        if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-               netlogon_creds_aes_encrypt(&state->tmp_creds,
-                                          state->opaque.data,
-                                          state->opaque.length);
+               status = netlogon_creds_aes_encrypt(&state->tmp_creds,
+                                                   state->opaque.data,
+                                                   state->opaque.length);
+               if (tevent_req_nterror(req, status)) {
+                       netlogon_creds_cli_SendToSam_cleanup(req, status);
+                       return;
+               }
        } else {
                status = netlogon_creds_arcfour_crypt(&state->tmp_creds,
                                                      state->opaque.data,