CVE-2022-37966 auth/credentials: Allow specifying password to cli_credentials_get_aes...
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Thu, 24 Nov 2022 22:48:41 +0000 (11:48 +1300)
committerStefan Metzmacher <metze@samba.org>
Tue, 13 Dec 2022 23:48:48 +0000 (00:48 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
[This is 4.15 only]

auth/credentials/credentials.h
auth/credentials/credentials_krb5.c

index e9d8b8a44b18e9e0e322ddb3d431986ae5a87437..6fd43472ae00edad1cd61eaed12b4e9d6df7a8a2 100644 (file)
@@ -347,6 +347,7 @@ NTSTATUS netlogon_creds_session_encrypt(
 int cli_credentials_get_aes256_key(struct cli_credentials *cred,
                                   TALLOC_CTX *mem_ctx,
                                   struct loadparm_context *lp_ctx,
+                                  const char *password,
                                   const char *salt,
                                   DATA_BLOB *aes_256);
 
index db0842be66c2d38a9d99ceb85daab910c447e8d3..39b7b8dd57ef92d8bdf62101db5b5e28987e3877 100644 (file)
@@ -1462,13 +1462,13 @@ _PUBLIC_ void cli_credentials_set_target_service(struct cli_credentials *cred, c
 _PUBLIC_ int cli_credentials_get_aes256_key(struct cli_credentials *cred,
                                            TALLOC_CTX *mem_ctx,
                                            struct loadparm_context *lp_ctx,
+                                           const char *password,
                                            const char *salt,
                                            DATA_BLOB *aes_256)
 {
        struct smb_krb5_context *smb_krb5_context = NULL;
        krb5_error_code krb5_ret;
        int ret;
-       const char *password = NULL;
        krb5_data cleartext_data;
        krb5_data salt_data;
        krb5_keyblock key;
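Review bot: With `password` now supplied by the caller, nothing visible rejects a NULL value before the `strlen(password)` call in the next hunk, because that hunk drops the `password == NULL` guard that used to cover the `cli_credentials_get_password()` result. Unless the check ending in `return EINVAL;` just above the removed lines already covers this (its condition is outside the hunk), I would keep the guard on the parameter: `if (password == NULL) { return EINVAL; }`. The declaration in credentials.h could also carry a one-line comment stating that `password` is the cleartext the key is derived from, used instead of the password stored in `cred`, and must not be NULL. The function body continues outside this hunk.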
@@ -1478,11 +1478,6 @@ _PUBLIC_ int cli_credentials_get_aes256_key(struct cli_credentials *cred,
                return EINVAL;
        }
 
-       password = cli_credentials_get_password(cred);
-       if (password == NULL) {
-               return EINVAL;
-       }
-
        cleartext_data.data = discard_const_p(char, password);
        cleartext_data.length = strlen(password);