s3: improve the code in the AES encryption.

Remove looping replace them by memcpy.

Fix bug #8674 (Buffer overflow in vfs_smb_traffic_analyzer).

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jan 25 03:12:14 CET 2012 on sn-devel-104

diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index 7b9a902e14fd58fdaf57ea470d01d54644f443bd..025fbbda90bf39e70e2a2e2bebd29c422cba2161 100644 (file)
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -169,27 +169,27 @@ struct refcounted_sock {
 static char *smb_traffic_analyzer_encrypt( TALLOC_CTX *ctx,
        const char *akey, const char *str, size_t *len)
 {
-       int s1,s2,h,d;
+       int s1,s2,h;
        AES_KEY key;
        unsigned char filler[17]= "................";
        char *output;
-       unsigned char crypted[18];
        if (akey == NULL) return NULL;
        samba_AES_set_encrypt_key((const unsigned char *) akey, 128, &key);
        s1 = strlen(str) / 16;
        s2 = strlen(str) % 16;
-       for (h = 0; h < s2; h++) *(filler+h)=*(str+(s1*16)+h);
+       memcpy(filler, str + (s1*16), s2);
        DEBUG(10, ("smb_traffic_analyzer_send_data_socket: created %s"
                " as filling block.\n", filler));
-       output = talloc_array(ctx, char, (s1*16)+17 );
-       d=0;
+
+       *len = ((s1 + 1)*16);
+       output = talloc_array(ctx, char, *len);
        for (h = 0; h < s1; h++) {
-               samba_AES_encrypt((const unsigned char *) str+(16*h), crypted, &key);
-               for (d = 0; d<16; d++) output[d+(16*h)]=crypted[d];
+               samba_AES_encrypt((unsigned char *) str+(16*h), output+16*h,
+                       &key);
        }
        samba_AES_encrypt(filler, (const unsigned char *)(output+(16*h)), &key);
        *len = (s1*16)+16;
-       return output;  
+       return output;
 }
 
 /**