if (E_deshash(new_pass, local_lmNewHash.hash)) {
lmNewHash = &local_lmNewHash;
}
- E_md4hash(new_pass, local_ntNewHash.hash);
+ if (!E_md4hash(new_pass, local_ntNewHash.hash)) {
+ /* If we can't convert this password to UCS2, then we should not accept it */
+ if (reject_reason) {
+ *reject_reason = SAMR_REJECT_OTHER;
+ }
+ return NT_STATUS_PASSWORD_RESTRICTION;
+ }
ntNewHash = &local_ntNewHash;
}
* @param p16 return password hashed with md4, caller allocated 16 byte buffer
*/
-void E_md4hash(const char *passwd, uint8_t p16[16])
+BOOL E_md4hash(const char *passwd, uint8_t p16[16])
{
int len;
void *wpwd;
len = push_ucs2_talloc(NULL, &wpwd, passwd);
- SMB_ASSERT(len >= 2);
+ if (len < 2) {
+ /* We don't want to return fixed data, as most callers
+ * don't check */
+ mdfour(p16, passwd, strlen(passwd));
+ return False;
+ }
len -= 2;
mdfour(p16, wpwd, len);
talloc_free(wpwd);
+ return True;
}
/**