diff options
author | Andrew Tridgell <tridge@samba.org> | 1997-10-15 04:51:23 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1997-10-15 04:51:23 +0000 |
commit | 708edc348f0fb81d9c918e4bf857f339a13a3781 (patch) | |
tree | fa355241c0f06e57a5da9a46232bbea54c3e3d3d /source | |
parent | 45f4ae4327a8836cad22bbf64f1effba6a6eb7f5 (diff) | |
download | samba-708edc348f0fb81d9c918e4bf857f339a13a3781.tar.gz samba-708edc348f0fb81d9c918e4bf857f339a13a3781.tar.xz samba-708edc348f0fb81d9c918e4bf857f339a13a3781.zip |
fixed a stack overflow bug in api_lsa_req_chal()
changed the order of arguments to smbhash() in credentials.c. Luke,
when you changed from E1() to smbhash() you didn't notice that the
arguments are in a different order. This is why your new code was
failing.
NT logon still fails, but now gets to SAMLOGON. It shouldn't take much
to get it working now.
Diffstat (limited to 'source')
-rw-r--r-- | source/libsmb/credentials.c | 8 | ||||
-rw-r--r-- | source/pipenetlog.c | 2 |
2 files changed, 5 insertions, 5 deletions
diff --git a/source/libsmb/credentials.c b/source/libsmb/credentials.c index 07816bc0cf2..babc8180f2c 100644 --- a/source/libsmb/credentials.c +++ b/source/libsmb/credentials.c @@ -44,8 +44,8 @@ void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, SIVAL(sum2,0,sum[0]); SIVAL(sum2,4,sum[1]); - smbhash(pass , sum2, buf); - smbhash(pass+9, buf , netsesskey); + smbhash(buf, sum2, pass); + smbhash(netsesskey, buf, pass+9); session_key[0] = IVAL(netsesskey, 0); session_key[1] = IVAL(netsesskey, 4); @@ -86,10 +86,10 @@ void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp, SIVAL(timecred, 0, IVAL(stor_cred, 0) + timestamp.time); SIVAL(timecred, 4, IVAL(stor_cred, 4)); - smbhash(netsesskey, timecred, buf); + smbhash(buf, timecred, netsesskey); memset(key2, 0, 7); key2[0] = netsesskey[7]; - smbhash(key2, buf, calc_cred); + smbhash(calc_cred, buf, key2); cred->data[0] = IVAL(calc_cred, 0); cred->data[1] = IVAL(calc_cred, 4); diff --git a/source/pipenetlog.c b/source/pipenetlog.c index acb7f806b94..6d406ee7d2a 100644 --- a/source/pipenetlog.c +++ b/source/pipenetlog.c @@ -292,7 +292,7 @@ static BOOL update_dcinfo(int cnum, uint16 vuid, } { - char foo[16]; + fstring foo; for (i = 0; i < 16; i++) sprintf(foo+i*2,"%02x ", dc->md4pw[i]); DEBUG(4,("pass %s %s\n", mach_acct, foo)); } |