"Error reading password from file descriptor "
"%d: empty password\n",
fd);
+ ZERO_ARRAY(pass);
return false;
default:
fprintf(stderr, "Error reading password from file descriptor %d: %s\n",
fd, strerror(errno));
+ ZERO_ARRAY(pass);
return false;
}
}
cli_credentials_set_password(credentials, pass, obtained);
+ ZERO_ARRAY(pass);
return true;
}
GNUTLS_CIPHER_AES_128_CFB8,
&key,
&iv);
+ ZERO_ARRAY(sess_kf0);
if (rc < 0) {
DBG_ERR("ERROR: gnutls_cipher_init: %s\n",
gnutls_strerror(rc));
zeros,
4,
digest2);
+ ZERO_ARRAY(sess_kf0);
if (rc < 0) {
ZERO_ARRAY(digest2);
return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
rc = des_crypt128(creds->session_key, sum2, machine_password->hash);
if (rc != 0) {
+ ZERO_ARRAY(sum);
+ ZERO_ARRAY(sum2);
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
+ ZERO_ARRAY(sum);
+ ZERO_ARRAY(sum2);
return NT_STATUS_OK;
}
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
*key = tmp;
+ ZERO_STRUCT(tmp);
return NT_STATUS_OK;
}
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
*key = tmp;
+ ZERO_STRUCT(tmp);
return NT_STATUS_OK;
}
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
*pass = tmp;
+ ZERO_STRUCT(tmp);
return NT_STATUS_OK;
}
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
*pass = tmp;
+ ZERO_STRUCT(tmp);
return NT_STATUS_OK;
}
rc = SMBOWFencrypt(part_passwd, sec_blob->data, p24);
if (rc != 0) {
+ ZERO_ARRAY(p24);
return false;
}
#endif
ok = mem_equal_const_time(p24, nt_response->data, 24);
if (!ok) {
+ ZERO_ARRAY(p24);
return false;
}
if (user_sess_key != NULL) {
*user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
if (user_sess_key->data == NULL) {
DBG_ERR("data_blob_talloc failed\n");
+ ZERO_ARRAY(p24);
return false;
}
SMBsesskeygen_ntv1(part_passwd, user_sess_key->data);
}
+ ZERO_ARRAY(p24);
return true;
}
*/
if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
+ ZERO_ARRAY(kr);
return false;
}
&client_key_data,
value_from_encryption);
if (!NT_STATUS_IS_OK(status)) {
+ ZERO_ARRAY(kr);
+ ZERO_ARRAY(value_from_encryption);
return false;
}
ok = mem_equal_const_time(value_from_encryption, ntv2_response->data, 16);
if (!ok) {
+ ZERO_ARRAY(kr);
+ ZERO_ARRAY(value_from_encryption);
return false;
}
if (user_sess_key != NULL) {
*user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
if (user_sess_key->data == NULL) {
DBG_ERR("data_blob_talloc failed\n");
+ ZERO_ARRAY(kr);
+ ZERO_ARRAY(value_from_encryption);
return false;
}
status = SMBsesskeygen_ntv2(
kr, value_from_encryption, user_sess_key->data);
if (!NT_STATUS_IS_OK(status)) {
+ ZERO_ARRAY(kr);
+ ZERO_ARRAY(value_from_encryption);
return false;
}
}
+ ZERO_ARRAY(kr);
+ ZERO_ARRAY(value_from_encryption);
return true;
}
client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16);
if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
+ ZERO_ARRAY(kr);
return false;
}
&client_key_data,
value_from_encryption);
if (!NT_STATUS_IS_OK(status)) {
+ ZERO_ARRAY(kr);
+ ZERO_ARRAY(value_from_encryption);
return false;
}
*user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
if (user_sess_key->data == NULL) {
DBG_ERR("data_blob_talloc failed\n");
+ ZERO_ARRAY(kr);
+ ZERO_ARRAY(value_from_encryption);
return false;
}
status = SMBsesskeygen_ntv2(kr,
value_from_encryption,
user_sess_key->data);
if (!NT_STATUS_IS_OK(status)) {
+ ZERO_ARRAY(kr);
+ ZERO_ARRAY(value_from_encryption);
return false;
}
+ ZERO_ARRAY(kr);
+ ZERO_ARRAY(value_from_encryption);
return true;
}
memset(first_8_lm_hash + 8, '\0', 8);
*user_sess_key = data_blob_talloc(mem_ctx, first_8_lm_hash, 16);
*lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, 8);
+ ZERO_ARRAY(first_8_lm_hash);
}
return NT_STATUS_OK;
}
memset(first_8_lm_hash + 8, '\0', 8);
*user_sess_key = data_blob_talloc(mem_ctx, first_8_lm_hash, 16);
*lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, 8);
+ ZERO_ARRAY(first_8_lm_hash);
}
return NT_STATUS_OK;
}
rc = des_crypt56_gnutls(bout, bin, key, encrypt);
if (rc != 0) {
+ ZERO_ARRAY(bin);
+ ZERO_ARRAY(bout);
+ ZERO_ARRAY(key);
return rc;
}
memcpy(&out->data[i], bout, 8);
+
+ ZERO_ARRAY(bin);
+ ZERO_ARRAY(bout);
+ ZERO_ARRAY(key);
}
return 0;
}
ret = gnutls_global_init();
if (ret != 0) {
+ ZERO_ARRAY(key2);
+ ZERO_ARRAY(outb);
return ret;
}
ret = gnutls_cipher_init(&ctx, GNUTLS_CIPHER_DES_CBC, &key, &iv);
if (ret != 0) {
+ ZERO_ARRAY(key2);
+ ZERO_ARRAY(outb);
return ret;
}
gnutls_cipher_deinit(ctx);
+ ZERO_ARRAY(key2);
+ ZERO_ARRAY(outb);
return ret;
}
ret = des_crypt56_gnutls(buf, in, key, SAMBA_GNUTLS_ENCRYPT);
if (ret != 0) {
+ ZERO_ARRAY(buf);
return ret;
}
- return des_crypt56_gnutls(out, buf, key+9, SAMBA_GNUTLS_ENCRYPT);
+ ret = des_crypt56_gnutls(out, buf, key + 9, SAMBA_GNUTLS_ENCRYPT);
+ ZERO_ARRAY(buf);
+ return ret;
}
/* des encryption with a 112 bit (14 byte) key */
if (encrypt == SAMBA_GNUTLS_ENCRYPT) {
ret = des_crypt56_gnutls(buf, in, key, SAMBA_GNUTLS_ENCRYPT);
if (ret != 0) {
+ ZERO_ARRAY(buf);
return ret;
}
- return des_crypt56_gnutls(out, buf, key+7, SAMBA_GNUTLS_ENCRYPT);
+ ret = des_crypt56_gnutls(out,
+ buf,
+ key + 7,
+ SAMBA_GNUTLS_ENCRYPT);
+ ZERO_ARRAY(buf);
+ return ret;
}
ret = des_crypt56_gnutls(buf, in, key+7, SAMBA_GNUTLS_DECRYPT);
if (ret != 0) {
+ ZERO_ARRAY(buf);
return ret;
}
- return des_crypt56_gnutls(out, buf, key, SAMBA_GNUTLS_DECRYPT);
+ ret = des_crypt56_gnutls(out, buf, key, SAMBA_GNUTLS_DECRYPT);
+ ZERO_ARRAY(buf);
+ return ret;
}
/* des encryption of a 16 byte lump of data with a 112 bit key */
dump_data(100, p24, 24);
#endif
+ ZERO_STRUCT(p21);
return rc;
}
if (rc != 0) {
ret = false;
}
+ ZERO_ARRAY(lm_hash);
return ret;
}
int SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24])
{
uint8_t p21[21];
+ int rc;
ZERO_STRUCT(p21);
memcpy(p21, passwd, 16);
- return E_P24(p21, c8, p24);
+ rc = E_P24(p21, c8, p24);
+ ZERO_STRUCT(p21);
+ return rc;
}
/* Does the des encryption. */
dump_data(100, p24, 24);
#endif
+ ZERO_STRUCT(p21);
return rc;
}
int SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24)
{
+ int ret;
uint8_t nt_hash[16];
E_md4hash(passwd, nt_hash);
- return SMBNTencrypt_hash(nt_hash, c8, p24);
+ ret = SMBNTencrypt_hash(nt_hash, c8, p24);
+ ZERO_ARRAY(nt_hash);
+ return ret;
}
rc = des_crypt56_gnutls(p24, lm_resp, partial_lm_hash, SAMBA_GNUTLS_ENCRYPT);
if (rc < 0) {
+ ZERO_ARRAY(partial_lm_hash);
+ ZERO_ARRAY(p24);
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
rc = des_crypt56_gnutls(p24+8, lm_resp, partial_lm_hash + 7, SAMBA_GNUTLS_ENCRYPT);
if (rc < 0) {
+ ZERO_ARRAY(partial_lm_hash);
+ ZERO_ARRAY(p24);
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
memcpy(sess_key, p24, 16);
+ ZERO_ARRAY(partial_lm_hash);
+ ZERO_ARRAY(p24);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBsesskeygen_lm_sess_key: \n"));
ntlmv2_response);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
+ ZERO_ARRAY(ntlmv2_response);
return data_blob(NULL, 0);
}
talloc_free(mem_ctx);
+ ZERO_ARRAY(ntlmv2_response);
return final_response;
}
lmv2_response);
if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&lmv2_client_data);
+ ZERO_ARRAY(lmv2_response);
return data_blob(NULL, 0);
}
memcpy(final_response.data, lmv2_response, sizeof(lmv2_response));
data_blob_free(&lmv2_client_data);
+ ZERO_ARRAY(lmv2_response);
return final_response;
}
This prevents username swapping during the auth exchange
*/
if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
+ ZERO_ARRAY(ntlm_v2_hash);
return false;
}
nt_response->data,
user_session_key->data);
if (!NT_STATUS_IS_OK(status)) {
+ ZERO_ARRAY(ntlm_v2_hash);
return false;
}
}
lm_response->data,
lm_session_key->data);
if (!NT_STATUS_IS_OK(status)) {
+ ZERO_ARRAY(ntlm_v2_hash);
return false;
}
}
}
+ ZERO_ARRAY(ntlm_v2_hash);
return true;
}
DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key)
{
uint8_t nt_hash[16];
+ bool ret;
+
E_md4hash(password, nt_hash);
- return SMBNTLMv2encrypt_hash(mem_ctx,
- user, domain, nt_hash,
- server_chal, NULL, names_blob,
- lm_response, nt_response, lm_session_key, user_session_key);
+ ret = SMBNTLMv2encrypt_hash(mem_ctx,
+ user,
+ domain,
+ nt_hash,
+ server_chal,
+ NULL,
+ names_blob,
+ lm_response,
+ nt_response,
+ lm_session_key,
+ user_session_key);
+
+ ZERO_ARRAY(nt_hash);
+ return ret;
}
static NTSTATUS NTLMv2_RESPONSE_verify_workstation(const char *account_name,
projects / thirdparty / samba.git / commitdiff
