From 7253d96fc205717d9fed973bbcad2884ce656fd9 Mon Sep 17 00:00:00 2001 From: =?utf8?q?G=C3=BCnther=20Deschner?= Date: Tue, 1 Sep 2009 11:58:05 +0200 Subject: [PATCH] wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ntlmv2 blobs in wbcAuthenticateUserEx(). Guenther --- source/nsswitch/libwbclient/wbc_pam.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/source/nsswitch/libwbclient/wbc_pam.c b/source/nsswitch/libwbclient/wbc_pam.c index 401d2ad2c3f..3f44681a200 100644 --- a/source/nsswitch/libwbclient/wbc_pam.c +++ b/source/nsswitch/libwbclient/wbc_pam.c @@ -439,15 +439,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.data.auth_crap.lm_resp_len = MIN(params->password.response.lm_length, sizeof(request.data.auth_crap.lm_resp)); - request.data.auth_crap.nt_resp_len = - MIN(params->password.response.nt_length, - sizeof(request.data.auth_crap.nt_resp)); if (params->password.response.lm_data) { memcpy(request.data.auth_crap.lm_resp, params->password.response.lm_data, request.data.auth_crap.lm_resp_len); } - if (params->password.response.nt_data) { + request.data.auth_crap.nt_resp_len = params->password.response.nt_length; + if (params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp)) { + request.flags |= WBFLAG_BIG_NTLMV2_BLOB; + request.extra_len = params->password.response.nt_length; + request.extra_data.data = talloc_zero_array(NULL, char, request.extra_len); + if (request.extra_data.data == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + BAIL_ON_WBC_ERROR(wbc_status); + } + memcpy(request.extra_data.data, + params->password.response.nt_data, + request.data.auth_crap.nt_resp_len); + } else if (params->password.response.nt_data) { memcpy(request.data.auth_crap.nt_resp, params->password.response.nt_data, request.data.auth_crap.nt_resp_len); @@ -493,6 +502,8 @@ done: if (response.extra_data.data) free(response.extra_data.data); + talloc_free(request.extra_data.data); + return wbc_status; } -- 2.11.4.GIT