diff options
| author | Simo Sorce <simo@redhat.com> | 2014-08-06 14:57:54 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2014-08-06 15:44:52 -0400 |
| commit | 0f71365ed33652990696da66dc147a38ca03f599 (patch) | |
| tree | 83ee09805375bdfe5b3c39c4cf9941de3e4fccac | |
| parent | b2d21d428bd4109416bfd96806f6e663b59ba618 (diff) | |
| download | gss-ntlmssp-0f71365ed33652990696da66dc147a38ca03f599.tar.gz gss-ntlmssp-0f71365ed33652990696da66dc147a38ca03f599.tar.xz gss-ntlmssp-0f71365ed33652990696da66dc147a38ca03f599.zip | |
Fix sealing key regen with shorter keys
At LM_COMPAT_LEVEL 0 there is no exteded security and initial
sealing keys are 8 byte long.
| -rw-r--r-- | src/gss_signseal.c | 2 | ||||
| -rw-r--r-- | src/ntlm_crypto.c | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/src/gss_signseal.c b/src/gss_signseal.c index e8ec43a..8f4f316 100644 --- a/src/gss_signseal.c +++ b/src/gss_signseal.c @@ -117,7 +117,7 @@ uint32_t gssntlm_verify_mic(uint32_t *minor_status, /* must regenerate seal key */ retmin = ntlm_seal_regen(&ctx->recv.seal_key, &ctx->recv.seal_handle, - ctx->send.seq_num); + ctx->recv.seq_num); if (retmin) { *minor_status = retmin; return GSS_S_FAILURE; diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c index b871997..b2f42f0 100644 --- a/src/ntlm_crypto.c +++ b/src/ntlm_crypto.c @@ -539,10 +539,10 @@ int ntlm_seal_regen(struct ntlm_key *seal_key, memcpy(inbuf, seal_key->data, seal_key->length); le = htole32(seq_num); - memcpy(&inbuf[16], &le, 4); + memcpy(&inbuf[seal_key->length], &le, 4); payload.data = inbuf; - payload.length = 20; + payload.length = seal_key->length + 4; result.data = outbuf; result.length = 16; |