The branch, v4-17-test has been updated via 1c7d60ee090 s4:libnet: correctly handle gnutls_pbkdf2() errors via 77fb5b47621 s4:libnet: fix error string for failing samr_ChangePasswordUser4() from 5048d63c92e CVE-2022-37966 python:/tests/krb5: call sys.path.insert(0, "bin/python") before any other imports
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test - Log ----------------------------------------------------------------- commit 1c7d60ee090155e0222284e937dd553d1eccc929 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Dec 14 10:37:41 2022 +0100 s4:libnet: correctly handle gnutls_pbkdf2() errors We should not ignore the error nor should we map GNUTLS_E_UNWANTED_ALGORITHM to NT_STATUS_WRONG_PASSWORD, instead we use NT_STATUS_CRYPTO_SYSTEM_INVALID as in most other places in the same file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Björn Baumbach <bbaumb...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Wed Dec 14 13:35:20 UTC 2022 on sn-devel-184 (cherry picked from commit eb5df255faea7326a7b85c1e7ce5a66119a27c3a) Autobuild-User(v4-17-test): Stefan Metzmacher <me...@samba.org> Autobuild-Date(v4-17-test): Wed Dec 14 14:46:02 UTC 2022 on sn-devel-184 commit 77fb5b4762198d7fa1727b6e0b35cb172de1d627 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Dec 14 10:32:31 2022 +0100 s4:libnet: fix error string for failing samr_ChangePasswordUser4() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Björn Baumbach <bbaumb...@samba.org> (cherry picked from commit 53d558365161be1793dad78ebcce877c732f2419) ----------------------------------------------------------------------- Summary of changes: source4/libnet/libnet_passwd.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index 8fc4715a209..d7e9400b559 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c @@ -81,7 +81,10 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx, cek.length); BURN_DATA(old_nt_key_data); if (rc < 0) { - status = gnutls_error_to_ntstatus(rc, NT_STATUS_WRONG_PASSWORD); + status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } } status = init_samr_CryptPasswordAES(mem_ctx, @@ -105,13 +108,13 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx, goto done; } if (!NT_STATUS_IS_OK(r.out.result)) { + status = r.out.result; *error_string = talloc_asprintf(mem_ctx, "samr_ChangePasswordUser4 for " "'%s\\%s' failed: %s", server->string, account->string, nt_errstr(status)); - status = r.out.result; goto done; } -- Samba Shared Repository