summaryrefslogtreecommitdiffstats
path: root/source
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>1997-10-15 04:51:23 +0000
committerAndrew Tridgell <tridge@samba.org>1997-10-15 04:51:23 +0000
commit708edc348f0fb81d9c918e4bf857f339a13a3781 (patch)
treefa355241c0f06e57a5da9a46232bbea54c3e3d3d /source
parent45f4ae4327a8836cad22bbf64f1effba6a6eb7f5 (diff)
downloadsamba-708edc348f0fb81d9c918e4bf857f339a13a3781.tar.gz
samba-708edc348f0fb81d9c918e4bf857f339a13a3781.tar.xz
samba-708edc348f0fb81d9c918e4bf857f339a13a3781.zip
fixed a stack overflow bug in api_lsa_req_chal()
changed the order of arguments to smbhash() in credentials.c. Luke, when you changed from E1() to smbhash() you didn't notice that the arguments are in a different order. This is why your new code was failing. NT logon still fails, but now gets to SAMLOGON. It shouldn't take much to get it working now.
Diffstat (limited to 'source')
-rw-r--r--source/libsmb/credentials.c8
-rw-r--r--source/pipenetlog.c2
2 files changed, 5 insertions, 5 deletions
diff --git a/source/libsmb/credentials.c b/source/libsmb/credentials.c
index 07816bc0cf2..babc8180f2c 100644
--- a/source/libsmb/credentials.c
+++ b/source/libsmb/credentials.c
@@ -44,8 +44,8 @@ void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
SIVAL(sum2,0,sum[0]);
SIVAL(sum2,4,sum[1]);
- smbhash(pass , sum2, buf);
- smbhash(pass+9, buf , netsesskey);
+ smbhash(buf, sum2, pass);
+ smbhash(netsesskey, buf, pass+9);
session_key[0] = IVAL(netsesskey, 0);
session_key[1] = IVAL(netsesskey, 4);
@@ -86,10 +86,10 @@ void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp,
SIVAL(timecred, 0, IVAL(stor_cred, 0) + timestamp.time);
SIVAL(timecred, 4, IVAL(stor_cred, 4));
- smbhash(netsesskey, timecred, buf);
+ smbhash(buf, timecred, netsesskey);
memset(key2, 0, 7);
key2[0] = netsesskey[7];
- smbhash(key2, buf, calc_cred);
+ smbhash(calc_cred, buf, key2);
cred->data[0] = IVAL(calc_cred, 0);
cred->data[1] = IVAL(calc_cred, 4);
diff --git a/source/pipenetlog.c b/source/pipenetlog.c
index acb7f806b94..6d406ee7d2a 100644
--- a/source/pipenetlog.c
+++ b/source/pipenetlog.c
@@ -292,7 +292,7 @@ static BOOL update_dcinfo(int cnum, uint16 vuid,
}
{
- char foo[16];
+ fstring foo;
for (i = 0; i < 16; i++) sprintf(foo+i*2,"%02x ", dc->md4pw[i]);
DEBUG(4,("pass %s %s\n", mach_acct, foo));
}