UTF-16 input
The input checking is important, as otherwise we could set the wrong
password.
Andrew Bartlett
returned password including termination.
************************************************************/
bool decode_pw_buffer(uint8_t in_buffer[516], char *new_pwrd,
returned password including termination.
************************************************************/
bool decode_pw_buffer(uint8_t in_buffer[516], char *new_pwrd,
- int new_pwrd_size, uint32_t *new_pw_len,
- int string_flags)
+ int new_pwrd_size, int string_flags)
+ ssize_t converted_pw_len;
/* the incoming buffer can be any alignment. */
string_flags |= STR_NOALIGN;
/* the incoming buffer can be any alignment. */
string_flags |= STR_NOALIGN;
}
/* decode into the return buffer. Buffer length supplied */
}
/* decode into the return buffer. Buffer length supplied */
- *new_pw_len = pull_string(lp_iconv_convenience(global_loadparm), new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size,
+ converted_pw_len = pull_string(lp_iconv_convenience(global_loadparm), new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size,
+ if (converted_pw_len == -1) {
+ return false;
+ }
+
#ifdef DEBUG_PASSWORD
DEBUG(100,("decode_pw_buffer: new_pwrd: "));
#ifdef DEBUG_PASSWORD
DEBUG(100,("decode_pw_buffer: new_pwrd: "));
- dump_data(100, (const uint8_t *)new_pwrd, *new_pw_len);
- DEBUG(100,("multibyte len:%d\n", *new_pw_len));
+ dump_data(100, (const uint8_t *)new_pwrd, converted_pw_len);
+ DEBUG(100,("multibyte len:%d\n", converted_pw_len));
DEBUG(100,("original char len:%d\n", byte_len/2));
#endif
DEBUG(100,("original char len:%d\n", byte_len/2));
#endif
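Review bot: In the DEBUG_PASSWORD block, `converted_pw_len` is now an `ssize_t` but is still printed with `%d` in `DEBUG(100,("multibyte len:%d\n", converted_pw_len));`, a format/argument mismatch wherever `ssize_t` is wider than `int`. The -1 case has already returned and the source is a 516-byte buffer, so the value is presumably small and `DEBUG(100,("multibyte len:%d\n", (int)converted_pw_len));` would be enough. This block only compiles when DEBUG_PASSWORD is defined, so a normal build will not warn about it. The header comment ending in "returned password including termination" looks like it still describes the removed `new_pw_len` out-parameter and should be reworded or dropped; the start of that comment and the rest of the function body are outside the lines shown.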
struct ldb_context *sam_ctx;
NTSTATUS nt_status;
char new_pass[512];
struct ldb_context *sam_ctx;
NTSTATUS nt_status;
char new_pass[512];
bool ret;
struct samr_CryptPassword password_buf;
bool ret;
struct samr_CryptPassword password_buf;
creds_arcfour_crypt(creds, password_buf.data, 516);
ret = decode_pw_buffer(password_buf.data, new_pass, sizeof(new_pass),
creds_arcfour_crypt(creds, password_buf.data, 516);
ret = decode_pw_buffer(password_buf.data, new_pass, sizeof(new_pass),
- &new_pass_len, STR_UNICODE);
if (!ret) {
DEBUG(3,("netr_ServerPasswordSet2: failed to decode password buffer\n"));
return NT_STATUS_ACCESS_DENIED;
if (!ret) {
DEBUG(3,("netr_ServerPasswordSet2: failed to decode password buffer\n"));
return NT_STATUS_ACCESS_DENIED;
data_blob_free(&lm_pwd_blob);
if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
data_blob_free(&lm_pwd_blob);
if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
- &new_pass_len, STR_ASCII)) {
ldb_transaction_cancel(sam_ctx);
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
ldb_transaction_cancel(sam_ctx);
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
{
NTSTATUS status;
char new_pass[512];
{
NTSTATUS status;
char new_pass[512];
struct ldb_context *sam_ctx = NULL;
struct ldb_dn *user_dn;
int ret;
struct ldb_context *sam_ctx = NULL;
struct ldb_dn *user_dn;
int ret;
data_blob_free(&nt_pwd_blob);
if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass),
data_blob_free(&nt_pwd_blob);
if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass),
- &new_pass_len, STR_UNICODE)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
status = NT_STATUS_WRONG_PASSWORD;
goto failed;
DEBUG(3,("samr: failed to decode password buffer\n"));
status = NT_STATUS_WRONG_PASSWORD;
goto failed;
{
NTSTATUS nt_status;
char new_pass[512];
{
NTSTATUS nt_status;
char new_pass[512];
DATA_BLOB session_key = data_blob(NULL, 0);
nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
DATA_BLOB session_key = data_blob(NULL, 0);
nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
arcfour_crypt_blob(pwbuf->data, 516, &session_key);
if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
arcfour_crypt_blob(pwbuf->data, 516, &session_key);
if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
- &new_pass_len, STR_UNICODE)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
}
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
}
arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
- &new_pass_len, STR_UNICODE)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
}
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
}