]> git.ipfire.org Git - thirdparty/samba.git/commit
projects / thirdparty / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f2c1804) | patch
CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks
authorVolker Lendecke <vl@samba.org>
Fri, 20 May 2022 08:55:23 +0000 (10:55 +0200)
committerJule Anger <janger@samba.org>
Fri, 14 Jul 2023 13:12:10 +0000 (15:12 +0200)
commit19dcb036cb8d21bf4e3e30d81eee3c79e54d3eff
tree24b7e6a0cad9123057a32e62a9b1260f97f8346ftree | snapshot
parentf2c18045a57e95597b4841e704e67b5811454979commit | diff
CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks

With WBFLAG_BIG_NTLMV2_BLOB being set plus lm_resp_len too large you
can crash winbind. We don't independently check lm_resp_len
sufficiently.

Discovered via Coverity ID 1504444 Out-of-bounds access

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072

Signed-off-by: Volker Lendecke <vl@samba.org>
source3/winbindd/winbindd_pam_auth_crap.c diff | blob | blame | history
Mirror of https://github.com/samba-team/samba.git