From: Pavel Filipenský
Date: Mon, 9 Mar 2026 07:45:20 +0000 (+0100)
Subject: auth: Use secure variant data_blob_talloc_s() to zero sensitive data blobs
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=07ca97b30d7bd385c64f95dca96b3378c6da9cba;p=thirdparty%2Fsamba.git
auth: Use secure variant data_blob_talloc_s() to zero sensitive data blobs
Signed-off-by: Pavel Filipenský
Reviewed-by: Andreas Schneider
---
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 67bf31a008e..1baba0999d9 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -78,7 +78,7 @@ static bool smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx, return false; } if (user_sess_key != NULL) {
- *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
+ *user_sess_key = data_blob_talloc_s(mem_ctx, NULL, 16);
 if (user_sess_key->data == NULL) { DBG_ERR("data_blob_talloc failed\n"); ZERO_ARRAY(p24);
@@ -129,7 +129,9 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, return false; }
- client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16);
+ client_key_data = data_blob_talloc_s(mem_ctx,
+ ntv2_response->data + 16,
+ ntv2_response->length - 16);
 /* todo: should we be checking this for anything? We can't for LMv2, but for NTLMv2 it is meant to contain the current time etc.
@@ -171,7 +173,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, return false; } if (user_sess_key != NULL) {
- *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
+ *user_sess_key = data_blob_talloc_s(mem_ctx, NULL, 16);
 if (user_sess_key->data == NULL) { DBG_ERR("data_blob_talloc failed\n"); ZERO_ARRAY(kr);
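Review bot: The log text in the failure branch right after the changed line still reads `DBG_ERR("data_blob_talloc failed\n");` although the call is now `data_blob_talloc_s()`; the same stale message follows the changed line in the @@ -171 hunk and in smb_sess_key_ntlmv2 (@@ -246). Updating it to `DBG_ERR("data_blob_talloc_s failed\n");` keeps a search for the failing call accurate. The enclosing functions start and end outside these hunks.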
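Review bot: `client_key_data` is not checked for allocation failure in the lines shown in the @@ -129 hunk, and in the matching hunk in smb_sess_key_ntlmv2 (@@ -230) the next statement is already the `ntv2_owf_gen()` call. If the blob is consumed later in the function (not visible here), an out-of-memory condition would let the response check run over an empty client blob instead of failing cleanly. A guard in the style used elsewhere in this patch would be `if (ntv2_response->length > 16 && client_key_data.data == NULL) { return false; }`. Both functions continue outside their hunks.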
@@ -230,7 +232,9 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx, return false; }
- client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16);
+ client_key_data = data_blob_talloc_s(mem_ctx,
+ ntv2_response->data + 16,
+ ntv2_response->length - 16);
 if (!ntv2_owf_gen(part_passwd, user, domain, kr)) { ZERO_ARRAY(kr);
@@ -246,7 +250,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx, ZERO_ARRAY(value_from_encryption); return false; }
- *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
+ *user_sess_key = data_blob_talloc_s(mem_ctx, NULL, 16);
 if (user_sess_key->data == NULL) { DBG_ERR("data_blob_talloc failed\n"); ZERO_ARRAY(kr);
@@ -444,7 +448,10 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, client_domain, user_sess_key)) { if (user_sess_key->length) {
- *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
+ *lm_sess_key = data_blob_talloc_s(
+ mem_ctx,
+ user_sess_key->data,
+ MIN(8, user_sess_key->length));
 } return NT_STATUS_OK; }
@@ -458,7 +465,10 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, upper_client_domain, user_sess_key)) { if (user_sess_key->length) {
- *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
+ *lm_sess_key = data_blob_talloc_s(
+ mem_ctx,
+ user_sess_key->data,
+ MIN(8, user_sess_key->length));
 } return NT_STATUS_OK; }
@@ -471,7 +481,10 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, "", user_sess_key)) { if (user_sess_key->length) {
- *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
+ *lm_sess_key = data_blob_talloc_s(
+ mem_ctx,
+ user_sess_key->data,
+ MIN(8, user_sess_key->length));
 } return NT_STATUS_OK; } else {
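Review bot: The copy into `*lm_sess_key` in the @@ -444 hunk is never checked, so an allocation failure leaves an empty LM session key while the function still returns `NT_STATUS_OK`. The same pattern repeats in the @@ -458, @@ -471, @@ -492, @@ -583, @@ -612 and @@ -640 hunks, and both `first_8_lm_hash` hunks (@@ -543, @@ -662) leave `*user_sess_key` unchecked as well. If callers depend on the key being present after a successful check, add `if (lm_sess_key->data == NULL) { return NT_STATUS_NO_MEMORY; }` after each copy; if an empty key is an accepted best-effort outcome, a short comment saying so would help. ntlm_password_check extends beyond every one of these hunks.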
@@ -492,7 +505,10 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, so use it only if we otherwise allow LM authentication */ if (lanman_auth && stored_lanman) {
- *lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, MIN(8, user_sess_key->length));
+ *lm_sess_key = data_blob_talloc_s(
+ mem_ctx,
+ stored_lanman->hash,
+ MIN(8, user_sess_key->length));
 } return NT_STATUS_OK; } else {
@@ -543,8 +559,10 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, uint8_t first_8_lm_hash[16]; memcpy(first_8_lm_hash, stored_lanman->hash, 8); memset(first_8_lm_hash + 8, '\0', 8);
- *user_sess_key = data_blob_talloc(mem_ctx, first_8_lm_hash, 16);
- *lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, 8);
+ *user_sess_key = data_blob_talloc_s(
+ mem_ctx, first_8_lm_hash, 16);
+ *lm_sess_key = data_blob_talloc_s(
+ mem_ctx, stored_lanman->hash, 8);
 ZERO_ARRAY(first_8_lm_hash); } return NT_STATUS_OK;
@@ -583,7 +601,10 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, *user_sess_key = tmp_sess_key; } if (user_sess_key->length) {
- *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
+ *lm_sess_key = data_blob_talloc_s(
+ mem_ctx,
+ user_sess_key->data,
+ MIN(8, user_sess_key->length));
 } return NT_STATUS_OK; }
@@ -612,7 +633,10 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, *user_sess_key = tmp_sess_key; } if (user_sess_key->length) {
- *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
+ *lm_sess_key = data_blob_talloc_s(
+ mem_ctx,
+ user_sess_key->data,
+ MIN(8, user_sess_key->length));
 } return NT_STATUS_OK; }
@@ -640,7 +664,10 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, *user_sess_key = tmp_sess_key; } if (user_sess_key->length) {
- *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
+ *lm_sess_key = data_blob_talloc_s(
+ mem_ctx,
+ user_sess_key->data,
+ MIN(8, user_sess_key->length));
 } return NT_STATUS_OK; }
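Review bot: In the @@ -492 hunk the bytes come from `stored_lanman->hash` but the length is `MIN(8, user_sess_key->length)`, and unlike the sibling branches there is no `if (user_sess_key->length)` guard visible. Whether `user_sess_key` has been filled in on this path cannot be seen from the hunk; if it has not, the LM session key ends up empty or shorter than intended. The two `first_8_lm_hash` hunks copy a fixed `8` from the same source, so `data_blob_talloc_s(mem_ctx, stored_lanman->hash, 8)` is probably what is meant here; this should be confirmed against the surrounding branch, which lies outside the hunk.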
@@ -662,8 +689,10 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, uint8_t first_8_lm_hash[16]; memcpy(first_8_lm_hash, stored_lanman->hash, 8); memset(first_8_lm_hash + 8, '\0', 8);
- *user_sess_key = data_blob_talloc(mem_ctx, first_8_lm_hash, 16);
- *lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, 8);
+ *user_sess_key = data_blob_talloc_s(
+ mem_ctx, first_8_lm_hash, 16);
+ *lm_sess_key = data_blob_talloc_s(
+ mem_ctx, stored_lanman->hash, 8);
 ZERO_ARRAY(first_8_lm_hash); } return NT_STATUS_OK;
diff --git a/libcli/auth/session.c b/libcli/auth/session.c
index 5674c7574ed..5014fe7b524 100644
--- a/libcli/auth/session.c
+++ b/libcli/auth/session.c
@@ -129,8 +129,8 @@ char *sess_decrypt_string(TALLOC_CTX *mem_ctx, if (blob->length < 8) { return NULL; }
-
- out = data_blob_talloc(mem_ctx, NULL, blob->length);
+
+ out = data_blob_talloc_s(mem_ctx, NULL, blob->length);
 if (!out.data) { return NULL; }
@@ -178,12 +178,12 @@ DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_ int dlen = (blob_in->length+7) & ~7; int rc;
- src = data_blob_talloc(mem_ctx, NULL, 8+dlen);
+ src = data_blob_talloc_s(mem_ctx, NULL, 8 + dlen);
 if (!src.data) { return data_blob(NULL, 0); }
- ret = data_blob_talloc(mem_ctx, NULL, 8+dlen);
+ ret = data_blob_talloc_s(mem_ctx, NULL, 8 + dlen);
 if (!ret.data) { data_blob_free(&src); return data_blob(NULL, 0);
@@ -219,8 +219,8 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT (int)blob->length)); return NT_STATUS_INVALID_PARAMETER; }
-
- out = data_blob_talloc(mem_ctx, NULL, blob->length);
+
+ out = data_blob_talloc_s(mem_ctx, NULL, blob->length);
 if (!out.data) { return NT_STATUS_NO_MEMORY; }
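Review bot: In sess_encrypt_blob (@@ -178) `dlen` is an `int` computed from `blob_in->length`, and `8 + dlen` is then passed as the allocation size for both `src` and `ret`. If `length` is a `size_t` (its declaration is not on this page), a very large input would truncate or overflow, giving buffers smaller than the data the rest of the function presumably writes. A bound before the first allocation, e.g. `if (blob_in->length > INT_MAX - 15) { return data_blob(NULL, 0); }`, or making `dlen` a `size_t`, closes that. The function body continues outside the hunk, so other uses of `dlen` need the same look.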
@@ -243,7 +243,7 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT return NT_STATUS_WRONG_PASSWORD; }
- *ret = data_blob_talloc(mem_ctx, out.data+8, slen);
+ *ret = data_blob_talloc_s(mem_ctx, out.data + 8, slen);
 if (slen && !ret->data) { return NT_STATUS_NO_MEMORY; }
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 9b92737d8b4..0f1f320afe5 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -525,7 +525,10 @@ static DATA_BLOB NTLMv2_generate_response(TALLOC_CTX *out_mem_ctx, return data_blob(NULL, 0); }
- final_response = data_blob_talloc(out_mem_ctx, NULL, sizeof(ntlmv2_response) + ntlmv2_client_data.length);
+ final_response = data_blob_talloc_s(out_mem_ctx,
+ NULL,
+ sizeof(ntlmv2_response) +
+ ntlmv2_client_data.length);
 memcpy(final_response.data, ntlmv2_response, sizeof(ntlmv2_response));
@@ -543,8 +546,8 @@ static DATA_BLOB LMv2_generate_response(TALLOC_CTX *mem_ctx, const DATA_BLOB *server_chal) { uint8_t lmv2_response[16];
- DATA_BLOB lmv2_client_data = data_blob_talloc(mem_ctx, NULL, 8);
- DATA_BLOB final_response = data_blob_talloc(mem_ctx, NULL,24);
+ DATA_BLOB lmv2_client_data = data_blob_talloc_s(mem_ctx, NULL, 8);
+ DATA_BLOB final_response = data_blob_talloc_s(mem_ctx, NULL, 24);
 NTSTATUS status; /* LMv2 */
@@ -610,7 +613,9 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx, *nttime, names_blob); if (user_session_key) {
- *user_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+ *user_session_key = data_blob_talloc_s(mem_ctx,
+ NULL,
+ 16);
 /* The NTLMv2 calculations also provide a session key, for signing etc later */ /* use only the first 16 bytes of nt_response for session key */
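Review bot: On the `NT_STATUS_NO_MEMORY` return in the @@ -243 hunk, `out` is left allocated on `mem_ctx`, so the buffer filled earlier in sess_decrypt_blob (presumably with the decrypted payload) is wiped only when the caller eventually frees that context. Assuming the wipe happens on free, releasing it on the error path with `data_blob_free(&out);` before `return NT_STATUS_NO_MEMORY;` makes the zeroing this commit introduces take effect right away. The `NT_STATUS_WRONG_PASSWORD` return at the top of the hunk may need the same treatment; the lines before it are outside the hunk.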
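Review bot: In NTLMv2_generate_response (@@ -525) `final_response.data` is passed to `memcpy()` immediately after the allocation with no NULL check, so an out-of-memory condition becomes a NULL-pointer write. Add `if (final_response.data == NULL) { return data_blob(NULL, 0); }` before the `memcpy()`, releasing `ntlmv2_client_data` first if this function owns it (not visible here). The two allocations made in the declarations of LMv2_generate_response (@@ -543) should be checked before first use too; their uses fall outside that hunk.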
@@ -635,7 +640,9 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx, server_chal); } if (lm_session_key) {
- *lm_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+ *lm_session_key = data_blob_talloc_s(mem_ctx,
+ NULL,
+ 16);
 /* The NTLMv2 calculations also provide a session key, for signing etc later */ /* use only the first 16 bytes of lm_response for session key */
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 2389cf7c08b..5d4a91af9a8 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -5120,7 +5120,7 @@ static void smbXcli_negprot_smb1_done(struct tevent_req *subreq) } blob1 = data_blob_const(bytes+16, num_bytes-16);
- blob2 = data_blob_dup_talloc(state, blob1);
+ blob2 = data_blob_dup_talloc_s(state, blob1);
 if (blob1.length > 0 && tevent_req_nomem(blob2.data, req)) { return;
@@ -5728,9 +5728,9 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq) return; }
- conn->smb2.server.gss_blob = data_blob_talloc(conn,
- iov[2].iov_base,
- security_length);
+ conn->smb2.server.gss_blob = data_blob_talloc_s(conn,
+ iov[2].iov_base,
+ security_length);
 if (tevent_req_nomem(conn->smb2.server.gss_blob.data, req)) { return; }
@@ -6659,7 +6659,7 @@ NTSTATUS smb2cli_session_signing_key(struct smbXcli_session *session, return NT_STATUS_NO_USER_SESSION_KEY; }
- *key = data_blob_dup_talloc(mem_ctx, sig->blob);
+ *key = data_blob_dup_talloc_s(mem_ctx, sig->blob);
 if (key->data == NULL) { return NT_STATUS_NO_MEMORY; }
@@ -6683,7 +6683,8 @@ NTSTATUS smb2cli_session_encryption_key(struct smbXcli_session *session, return NT_STATUS_NO_USER_SESSION_KEY; }
- *key = data_blob_dup_talloc(mem_ctx, session->smb2->encryption_key->blob);
+ *key = data_blob_dup_talloc_s(mem_ctx,
+ session->smb2->encryption_key->blob);
 if (key->data == NULL) { return NT_STATUS_NO_MEMORY; }
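Review bot: In the @@ -5728 hunk `conn->smb2.server.gss_blob` is copied from the server's negotiate reply (`iov[2].iov_base`), which looks like protocol data received from the peer rather than key material, and the same seems to apply to `blob2` in smbXcli_negprot_smb1_done (@@ -5120). Using the zeroing variant there is harmless, but it blurs which blobs in this file are actually secret. A one-line comment at each call stating why the blob is treated as sensitive, or leaving these two on the plain allocator, would keep the `_s` suffix meaningful as a marker for key and password storage.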
@@ -6707,7 +6708,8 @@ NTSTATUS smb2cli_session_decryption_key(struct smbXcli_session *session, return NT_STATUS_NO_USER_SESSION_KEY; }
- *key = data_blob_dup_talloc(mem_ctx, session->smb2->decryption_key->blob);
+ *key = data_blob_dup_talloc_s(mem_ctx,
+ session->smb2->decryption_key->blob);
 if (key->data == NULL) { return NT_STATUS_NO_MEMORY; }
@@ -6740,7 +6742,7 @@ NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session, return NT_STATUS_NO_USER_SESSION_KEY; }
- *key = data_blob_dup_talloc(mem_ctx, *application_key);
+ *key = data_blob_dup_talloc_s(mem_ctx, *application_key);
 if (key->data == NULL) { return NT_STATUS_NO_MEMORY; }
@@ -6798,9 +6800,8 @@ NTSTATUS smb1cli_session_set_session_key(struct smbXcli_session *session, memcpy(session_key, _session_key.data, MIN(_session_key.length, sizeof(session_key)));
- session->smb1.application_key = data_blob_talloc(session,
- session_key,
- sizeof(session_key));
+ session->smb1.application_key = data_blob_talloc_s(
+ session, session_key, sizeof(session_key));
 ZERO_STRUCT(session_key); if (session->smb1.application_key.data == NULL) { return NT_STATUS_NO_MEMORY;
@@ -7289,10 +7290,10 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session, memcpy(channel_key, _channel_key.data, MIN(_channel_key.length, sizeof(channel_key)));
- session->smb2_channel.signing_key->blob =
- data_blob_talloc(session->smb2_channel.signing_key,
- channel_key,
- sizeof(channel_key));
+ session->smb2_channel.signing_key->blob = data_blob_talloc_s(
+ session->smb2_channel.signing_key,
+ channel_key,
+ sizeof(channel_key));
 if (!smb2_signing_key_valid(session->smb2_channel.signing_key)) { ZERO_STRUCT(channel_key); return NT_STATUS_NO_MEMORY;
diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c
index 65c04a20abf..dfc2b95b319 100644
--- a/source4/libcli/smb_composite/sesssetup.c
+++ b/source4/libcli/smb_composite/sesssetup.c
@@ -380,7 +380,8 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, if (password == NULL) { password = ""; }
- state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password));
+ state->setup.nt1.in.password1 = data_blob_talloc_s(
+ state, password, strlen(password));
 state->setup.nt1.in.password2 = data_blob(NULL, 0); } else { /* could match windows client and return 'cannot logon from this workstation', but it just confuses everybody */
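Review bot: `state->setup.nt1.in.password1` receives a copy of the plaintext password, yet the result of that copy is not checked before the next assignment. If the allocation fails, the request would presumably carry an empty password instead of failing, which turns a memory error into a misleading logon failure. A check such as `if (password[0] != '\0' && state->setup.nt1.in.password1.data == NULL) { return NT_STATUS_NO_MEMORY; }` covers it. session_setup_nt1 starts and ends outside the hunk, so the check should match whatever cleanup its other error returns perform.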