From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 30 Nov 2015 08:13:14 +0000 (+0100)
Subject: CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
X-Git-Tag: samba-4.2.10~193
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb904577b8352915ce4549b7a326dcbf8ad6f0f6;p=thirdparty%2Fsamba.git

CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl
index 21512755279..95b4f1186f8 100644
--- a/librpc/idl/ntlmssp.idl
+++ b/librpc/idl/ntlmssp.idl
@@ -243,9 +243,12 @@ interface ntlmssp
 		[default] NTLMv2_RESPONSE v2;
 	} ntlmssp_NTLM_RESPONSE;
 
+	const int NTLMSSP_MIC_OFFSET = 72;
+	const int NTLMSSP_MIC_SIZE = 16;
+
 	typedef [flag(NDR_PAHEX)] struct {
-		uint8 MIC[16];
-	} MIC;
+		uint8 MIC[NTLMSSP_MIC_SIZE];
+	} ntlmssp_MIC;
 
 	/* [MS-NLMP] 2.2.1.3 AUTHENTICATE_MESSAGE */
 
@@ -274,7 +277,7 @@ interface ntlmssp
 		[switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
 		/* MIC (Message Integrity) is only included when the client has
 		 * sent a timestap Av struct in the CHALLENGE_MESSAGE AvPair */
-		/* [flag(NDR_REMAINING)] MIC mic; */
+		/* [flag(NDR_REMAINING)] ntlmssp_MIC mic; */
 	} AUTHENTICATE_MESSAGE;
 
 	/* NTLMSSP signature version */