| commit | b2de71734f09ee4eb80cf70de8a66f628246f2ba | |
| author | Volker Lendecke <vl@samba.org> | |
| Fri, 20 May 2022 08:55:23 +0000 (20 10:55 +0200) | ||
| committer | Jule Anger <janger@samba.org> | |
| Fri, 21 Jul 2023 12:05:35 +0000 (21 12:05 +0000) | ||
| tree | 7630a2486ae249f2ecd836283f1cd3c3059cebf9 | treesnapshot (tar.gz zip) |
| parent | 76ad44f446c42832e87b2c60a4731a8de3a0018f | commitdiff |
CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks
With WBFLAG_BIG_NTLMV2_BLOB being set plus lm_resp_len too large you
can crash winbind. We don't independently check lm_resp_len
sufficiently.
Discovered via Coverity ID 1504444 Out-of-bounds access
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072
Signed-off-by: Volker Lendecke <vl@samba.org>
With WBFLAG_BIG_NTLMV2_BLOB being set plus lm_resp_len too large you
can crash winbind. We don't independently check lm_resp_len
sufficiently.
Discovered via Coverity ID 1504444 Out-of-bounds access
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072
Signed-off-by: Volker Lendecke <vl@samba.org>
| source3/winbindd/winbindd_pam_auth_crap.c | diffblobblamehistory |