The branch, master has been updated
via dba9e63 Prevent a crash in Python modules that try to authenticate
by ensuring we reject cases where credendials fields are not intialized.
via 4e178ed s3-util: Compare the maximum allowed length of a NetBIOS
name
from dcc657a selftest: Add assertion that we actually fix the
replPropertyMetaData sort order
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit dba9e631bd1e1c7e00430b72f0c60b32ee4eeb33
Author: Richard Sharpe <rsha...@samba.org>
Date: Mon Aug 24 20:26:42 2015 -0700
Prevent a crash in Python modules that try to authenticate by ensuring we
reject cases where credendials fields are not intialized.
Signed-off-by: Richard Sharpe <rsha...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Tue Aug 25 21:45:18 CEST 2015 on sn-devel-104
commit 4e178ed498c594ffcd5592d0b792d47b064b9586
Author: Roel van Meer <r...@1afa.com>
Date: Tue Aug 4 16:50:43 2015 +0200
s3-util: Compare the maximum allowed length of a NetBIOS name
This fixes a problem where is_myname() returns true if one of our names
is a substring of the specified name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11427
Reviewed-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/ntlmssp/ntlmssp_client.c | 21 +++++++++++++++++++--
source3/lib/util.c | 2 +-
2 files changed, 20 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index d8531e4c..b22619b 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -147,7 +147,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security
*gensec_security,
DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
NTSTATUS nt_status;
int flags = 0;
- const char *user, *domain;
+ const char *user = NULL, *domain = NULL, *workstation = NULL;
TALLOC_CTX *mem_ctx = talloc_new(out_mem_ctx);
if (!mem_ctx) {
@@ -256,6 +256,23 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security
*gensec_security,
cli_credentials_get_ntlm_username_domain(gensec_security->credentials,
mem_ctx,
&user, &domain);
+ workstation =
cli_credentials_get_workstation(gensec_security->credentials);
+
+ if (user == NULL) {
+ DEBUG(10, ("User is NULL, returning INVALID_PARAMETER\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (domain == NULL) {
+ DEBUG(10, ("Domain is NULL, returning INVALID_PARAMETER\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (workstation == NULL) {
+ DEBUG(10, ("Workstation is NULL, returning
INVALID_PARAMETER\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
flags |= CLI_CRED_NTLM2;
}
@@ -337,7 +354,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security
*gensec_security,
nt_response.data, nt_response.length,
domain,
user,
-
cli_credentials_get_workstation(gensec_security->credentials),
+ workstation,
encrypted_session_key.data, encrypted_session_key.length,
ntlmssp_state->neg_flags);
if (!NT_STATUS_IS_OK(nt_status)) {
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 2fd2b6b..d38d53a 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1198,7 +1198,7 @@ bool is_myname(const char *s)
for (n=0; my_netbios_names(n); n++) {
const char *nbt_name = my_netbios_names(n);
- if (strncasecmp_m(nbt_name, s, strlen(nbt_name)) == 0) {
+ if (strncasecmp_m(nbt_name, s, MAX_NETBIOSNAME_LEN-1) == 0) {
ret=True;
break;
}
--
Samba Shared Repository
