Author: abartlet Date: 2006-10-23 06:06:35 +0000 (Mon, 23 Oct 2006) New Revision: 19464
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19464 Log: Reject passwords that cannot be converted into UCS2. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c branches/SAMBA_4_0/source/libcli/auth/smbencrypt.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c =================================================================== --- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c 2006-10-23 06:05:41 UTC (rev 19463) +++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c 2006-10-23 06:06:35 UTC (rev 19464) @@ -1249,7 +1249,13 @@ if (E_deshash(new_pass, local_lmNewHash.hash)) { lmNewHash = &local_lmNewHash; } - E_md4hash(new_pass, local_ntNewHash.hash); + if (!E_md4hash(new_pass, local_ntNewHash.hash)) { + /* If we can't convert this password to UCS2, then we should not accept it */ + if (reject_reason) { + *reject_reason = SAMR_REJECT_OTHER; + } + return NT_STATUS_PASSWORD_RESTRICTION; + } ntNewHash = &local_ntNewHash; } Modified: branches/SAMBA_4_0/source/libcli/auth/smbencrypt.c =================================================================== --- branches/SAMBA_4_0/source/libcli/auth/smbencrypt.c 2006-10-23 06:05:41 UTC (rev 19463) +++ branches/SAMBA_4_0/source/libcli/auth/smbencrypt.c 2006-10-23 06:06:35 UTC (rev 19464) @@ -63,18 +63,24 @@ * @param p16 return password hashed with md4, caller allocated 16 byte buffer */ -void E_md4hash(const char *passwd, uint8_t p16[16]) +BOOL E_md4hash(const char *passwd, uint8_t p16[16]) { int len; void *wpwd; len = push_ucs2_talloc(NULL, &wpwd, passwd); - SMB_ASSERT(len >= 2); + if (len < 2) { + /* We don't want to return fixed data, as most callers + * don't check */ + mdfour(p16, passwd, strlen(passwd)); + return False; + } len -= 2; mdfour(p16, wpwd, len); talloc_free(wpwd); + return True; } /**
