From: Joseph Sutton Date: Thu, 24 Nov 2022 22:48:41 +0000 (+1300) Subject: CVE-2022-37966 auth/credentials: Allow specifying password to cli_credentials_get_aes... X-Git-Tag: samba-4.15.13~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=590228fd72f66412a8188b3b09d2d71e91b0d568;p=thirdparty%2Fsamba.git CVE-2022-37966 auth/credentials: Allow specifying password to cli_credentials_get_aes256_key() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher [This is 4.15 only]
---
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index e9d8b8a44b1..6fd43472ae0 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -347,6 +347,7 @@ NTSTATUS netlogon_creds_session_encrypt(
 int cli_credentials_get_aes256_key(struct cli_credentials *cred,
 TALLOC_CTX *mem_ctx,
 struct loadparm_context *lp_ctx,
+ const char *password,
 const char *salt,
 DATA_BLOB *aes_256);

diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index db0842be66c..39b7b8dd57e 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -1462,13 +1462,13 @@ _PUBLIC_ void cli_credentials_set_target_service(struct cli_credentials *cred, c
 _PUBLIC_ int cli_credentials_get_aes256_key(struct cli_credentials *cred,
 TALLOC_CTX *mem_ctx,
 struct loadparm_context *lp_ctx,
+ const char *password,
 const char *salt,
 DATA_BLOB *aes_256)
 {
 struct smb_krb5_context *smb_krb5_context = NULL;
 krb5_error_code krb5_ret;
 int ret;
- const char *password = NULL;
 krb5_data cleartext_data;
 krb5_data salt_data;
 krb5_keyblock key;
@@ -1478,11 +1478,6 @@ _PUBLIC_ int cli_credentials_get_aes256_key(struct cli_credentials *cred,
 return EINVAL;
 }

- password = cli_credentials_get_password(cred);
- if (password == NULL) {
- return EINVAL;
- }
-
 cleartext_data.data = discard_const_p(char, password);
 cleartext_data.length = strlen(password);
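Review bot: The declaration of `cli_credentials_get_aes256_key()` in credentials.h gains `password` without any comment stating its contract, and the header is where callers will look for it. I would add a short comment above the prototype, for example `/* password: NUL-terminated cleartext the key is derived from; must not be NULL. */`. It would also be worth saying there that the password stored in `cred` is no longer consulted; that part is inferred from the credentials_krb5.c hunks of this commit, which drop the `cli_credentials_get_password(cred)` lookup.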
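Review bot: `password` is now supplied by the caller, but nothing in the visible body rejects NULL before `cleartext_data.length = strlen(password);`. The next hunk (-1478,11) removes the old `if (password == NULL) { return EINVAL; }` guard together with the lookup it protected. Unless every caller is guaranteed to pass a non-NULL string (the callers are not on this page), the guard should stay: `if (password == NULL) { return EINVAL; }` placed ahead of the `cleartext_data` assignments. The function body begins in this hunk and continues past the end of the following one.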