smb_set_enclen(buf_out, smb_len(buf) + NTLMSSP_SIG_SIZE, enc_ctx_num);
- sig = data_blob(NULL, NTLMSSP_SIG_SIZE);
+ ZERO_STRUCT(sig);
status = ntlmssp_seal_packet(ntlmssp_state,
(unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'S' <enc> <ctx> */
/* First 16 data bytes are signature for SSPI compatibility. */
memcpy(buf_out + 8, sig.data, NTLMSSP_SIG_SIZE);
+ data_blob_free(&sig);
*ppbuf_out = buf_out;
return NT_STATUS_OK;
}
void common_free_enc_buffer(struct smb_trans_enc_state *es, char *buf)
{
+ uint16_t enc_ctx_num;
+
if (!common_encryption_on(es)) {
return;
}
+ if (!NT_STATUS_IS_OK(get_enc_ctx_num((const uint8_t *)buf,
+ &enc_ctx_num))) {
+ return;
+ }
+
if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
SAFE_FREE(buf);
return;
Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
******************************************************************************/
-NTSTATUS cli_encrypt_message(struct cli_state *cli, char **buf_out)
+NTSTATUS cli_encrypt_message(struct cli_state *cli, char *buf, char **buf_out)
{
/* Ignore non-session messages. */
- if(CVAL(cli->outbuf,0)) {
+ if (CVAL(buf,0)) {
return NT_STATUS_OK;
}
/* If we supported multiple encrytion contexts
* here we'd look up based on tid.
*/
- return common_encrypt_buffer(cli->trans_enc_state, cli->outbuf, buf_out);
+ return common_encrypt_buffer(cli->trans_enc_state, buf, buf_out);
}