From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 11 May 2022 22:54:22 +0000 (+1200)
Subject: s4-samr: Fix missing check for GnuTLS errors from E_old_pw_hash()
X-Git-Tag: talloc-2.3.4~148
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c4e576052fa9bc57d288bed69abb599e1f9bb27b;p=thirdparty%2Fsamba.git

s4-samr: Fix missing check for GnuTLS errors from E_old_pw_hash()

Not likely to be an issue in the real world as the earlier calls
will have failed if weak crypto was disabled, but this was missed
in dce944e8a1119034f184336f6b71a28080152a0a.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 12 03:18:42 UTC 2022 on sn-devel-184
---

diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 474ce1c271a..0107c98da75 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -235,7 +235,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 	/* check NT verifier */
 	mdfour(new_nt_hash, new_password.data, new_password.length);
 
-	E_old_pw_hash(new_nt_hash, nt_pwd->hash, nt_verifier.hash);
+	rc = E_old_pw_hash(new_nt_hash, nt_pwd->hash, nt_verifier.hash);
 	if (rc != 0) {
 		status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
 		goto failed;