From: Andreas Schneider <asn@samba.org>
Date: Wed, 13 Nov 2019 08:39:19 +0000 (+0100)
Subject: libcli:auth: Check return value of netlogon_creds_init_128bit()
X-Git-Tag: talloc-2.3.1~34
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2c21cd6d49d56611acb2f364473d8c2e73e74545;p=thirdparty%2Fsamba.git

libcli:auth: Check return value of netlogon_creds_init_128bit()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index baa436df71b..1c01930a9d9 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -580,6 +580,8 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
 {
 
 	struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
+	NTSTATUS status;
+
 
 	if (!creds) {
 		return NULL;
@@ -604,8 +606,6 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
 	}
 
 	if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-		NTSTATUS status;
-
 		status = netlogon_creds_init_hmac_sha256(creds,
 							 client_challenge,
 							 server_challenge,
@@ -615,8 +615,14 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
 			return NULL;
 		}
 	} else if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {
-		netlogon_creds_init_128bit(creds, client_challenge, server_challenge,
-					   machine_password);
+		status = netlogon_creds_init_128bit(creds,
+						    client_challenge,
+						    server_challenge,
+						    machine_password);
+		if (!NT_STATUS_IS_OK(status)) {
+			talloc_free(creds);
+			return NULL;
+		}
 	} else {
 		netlogon_creds_init_64bit(creds, client_challenge, server_challenge,
 					  machine_password);