| commit | a3944de6990686bf674e7a9badded501873a7cfa | |
| author | Volker Lendecke <vl@samba.org> | |
| Fri, 20 May 2022 08:55:23 +0000 (20 10:55 +0200) | ||
| committer | Jule Anger <janger@samba.org> | |
| Fri, 14 Jul 2023 13:14:46 +0000 (14 15:14 +0200) | ||
| tree | 7ad01bc51db1aaec5252f2d37c38dc0084939714 | treesnapshot (tar.gz zip) |
| parent | d48c42c7d26637b19f6eb7e020a2e90b56b07e6b | commitdiff |
CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks
With WBFLAG_BIG_NTLMV2_BLOB being set plus lm_resp_len too large you
can crash winbind. We don't independently check lm_resp_len
sufficiently.
Discovered via Coverity ID 1504444 Out-of-bounds access
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072
Signed-off-by: Volker Lendecke <vl@samba.org>
With WBFLAG_BIG_NTLMV2_BLOB being set plus lm_resp_len too large you
can crash winbind. We don't independently check lm_resp_len
sufficiently.
Discovered via Coverity ID 1504444 Out-of-bounds access
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072
Signed-off-by: Volker Lendecke <vl@samba.org>
| source3/winbindd/winbindd_pam_auth_crap.c | diffblobblamehistory |