git.ipfire.org Git - thirdparty/samba.git/commit

author	Stefan Metzmacher <metze@samba.org>
	Tue, 17 Dec 2013 10:49:31 +0000 (11:49 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Mon, 28 Mar 2016 22:42:07 +0000 (00:42 +0200)
commit	3a8334d269d76a9f849c8b58aa45de058e518971
tree	ca29d74f1a1245804a94c3b77cba7f7e66c2cc1a	tree
parent	22bf4ed895c75f67d4e0ccb4b29e2811f9960798	commit \| diff

CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()

[MS-SPNG] requires the NTLMSSP RC4 states to be reset after
the SPNEGO exchange with mechListMic verification (new_spnego).

The 'reset_full' parameter is needed to support the broken
behavior that windows only resets the RC4 states but not the
sequence numbers. Which means this functionality is completely
useless... But we want to work against all windows versions...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

auth/ntlmssp/ntlmssp.c		diff \| blob \| blame \| history
auth/ntlmssp/ntlmssp.h		diff \| blob \| blame \| history
auth/ntlmssp/ntlmssp_sign.c		diff \| blob \| blame \| history