samba.git/libcli/auth, branch talloc-2.3.3 Unnamed repository; edit this file 'description' to name the repository. Fix gcc11 compiler issue "-Werror=maybe-uninitialized" 2021-05-07T06:23:32+00:00 Günther Deschner gd@samba.org 2021-05-03T19:27:43+00:00 0e1695df7fe8952b5c503cf7ab1ff31784736988 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14699 ../../source4/dsdb/common/util_links.c: In function ‘ndr_guid_compare’: ../../source4/dsdb/common/util_links.c:38:29: error: ‘v1_data’ may be used uninitialized [-Werror=maybe-uninitialized] 38 | struct ldb_val v1 = data_blob_const(v1_data, sizeof(v1_data)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from ../../source4/../lib/util/samba_util.h:48, from ../../source4/include/includes.h:62, from ../../source4/dsdb/common/util_links.c:22: ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here 116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length); | ^~~~~~~~~~~~~~~ ../../source4/dsdb/common/util_links.c:37:17: note: ‘v1_data’ declared here 37 | uint8_t v1_data[16]; | ^~~~~~~ cc1: all warnings being treated as errors [1729/3991] Compiling source3/smbd/smbXsrv_open.c ../../libcli/auth/smbencrypt.c: In function ‘decode_wkssvc_join_password_buffer’: ../../libcli/auth/smbencrypt.c:1045:32: error: ‘_confounder’ may be used uninitialized [-Werror=maybe-uninitialized] 1045 | DATA_BLOB confounder = data_blob_const(_confounder, 8); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from ../../source4/../lib/util/samba_util.h:48, from ../../source4/include/includes.h:62, from ../../libcli/auth/smbencrypt.c:24: ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here 116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length); | ^~~~~~~~~~~~~~~ ../../libcli/auth/smbencrypt.c:1044:17: note: ‘_confounder’ declared here 1044 | uint8_t _confounder[8]; | ^~~~~~~~~~~ cc1: all warnings being treated as errors [2624/3991] Compiling source4/torture/rpc/samr.c ../../source3/rpc_client/cli_samr.c: In function ‘dcerpc_samr_chgpasswd_user2’: ../../source3/rpc_client/cli_samr.c:158:33: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized] 158 | DATA_BLOB session_key = data_blob_const(old_nt_hash, 16); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from ../../source3/../lib/util/samba_util.h:48, from ../../source3/include/includes.h:256, from ../../source3/rpc_client/cli_samr.c:24: ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here 116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length); | ^~~~~~~~~~~~~~~ ../../source3/rpc_client/cli_samr.c:152:17: note: ‘old_nt_hash’ declared here 152 | uint8_t old_nt_hash[16]; | ^~~~~~~~~~~ ../../source3/rpc_client/cli_samr.c: In function ‘dcerpc_samr_chgpasswd_user3’: ../../source3/rpc_client/cli_samr.c:365:33: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized] 365 | DATA_BLOB session_key = data_blob_const(old_nt_hash, 16); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from ../../source3/../lib/util/samba_util.h:48, from ../../source3/include/includes.h:256, from ../../source3/rpc_client/cli_samr.c:24: ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here 116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length); | ^~~~~~~~~~~~~~~ ../../source3/rpc_client/cli_samr.c:358:17: note: ‘old_nt_hash’ declared here 358 | uint8_t old_nt_hash[16]; | ^~~~~~~~~~~ cc1: all warnings being treated as errors [3399/3991] Compiling source3/rpcclient/cmd_spotlight.c ../../source3/smbd/smbXsrv_open.c: In function ‘smbXsrv_open_set_replay_cache’: ../../source3/smbd/smbXsrv_open.c:936:26: error: ‘data’ may be used uninitialized [-Werror=maybe-uninitialized] 936 | DATA_BLOB blob = data_blob_const(data, ARRAY_SIZE(data)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from ../../source3/../lib/util/samba_util.h:48, from ../../source3/include/includes.h:256, from ../../source3/smbd/smbXsrv_open.c:21: ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here 116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length); | ^~~~~~~~~~~~~~~ ../../source3/smbd/smbXsrv_open.c:935:17: note: ‘data’ declared here 935 | uint8_t data[SMBXSRV_OPEN_REPLAY_CACHE_FIXED_SIZE]; | ^~~~ cc1: all warnings being treated as errors ../../source3/rpcclient/cmd_spotlight.c: In function ‘cmd_mdssvc_fetch_properties’: ../../source3/rpcclient/cmd_spotlight.c:60:18: error: ‘share_path’ may be used uninitialized [-Werror=maybe-uninitialized] 60 | status = dcerpc_mdssvc_open(b, mem_ctx, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 61 | &device_id, | ~~~~~~~~~~~ 62 | &unkn1, | ~~~~~~~ 63 | &unkn2, | ~~~~~~~ 64 | argv[2], | ~~~~~~~~ 65 | argv[1], | ~~~~~~~~ 66 | share_path, | ~~~~~~~~~~~ 67 | &share_handle); | ~~~~~~~~~~~~~~ In file included from ../../source3/rpcclient/cmd_spotlight.c:24: source3/../librpc/gen_ndr/ndr_mdssvc_c.h:26:10: note: by argument 8 of type ‘const char *’ to ‘dcerpc_mdssvc_open’ declared here 26 | NTSTATUS dcerpc_mdssvc_open(struct dcerpc_binding_handle *h, | ^~~~~~~~~~~~~~~~~~ ../../source3/rpcclient/cmd_spotlight.c:40:14: note: ‘share_path’ declared here 40 | char share_path[1025]; | ^~~~~~~~~~ cc1: all warnings being treated as errors ../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser2’: ../../source4/torture/rpc/samr.c:2266:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized] 2266 | = data_blob_const(old_nt_hash, sizeof(old_nt_hash)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from ../../source4/../lib/util/samba_util.h:48, from ../../source4/include/includes.h:62, from ../../source4/torture/rpc/samr.c:24: ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here 116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length); | ^~~~~~~~~~~~~~~ ../../source4/torture/rpc/samr.c:2263:17: note: ‘old_nt_hash’ declared here 2263 | uint8_t old_nt_hash[16], new_nt_hash[16]; | ^~~~~~~~~~~ ../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser2_ntstatus’: ../../source4/torture/rpc/samr.c:2371:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized] 2371 | = data_blob_const(old_nt_hash, sizeof(old_nt_hash)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from ../../source4/../lib/util/samba_util.h:48, from ../../source4/include/includes.h:62, from ../../source4/torture/rpc/samr.c:24: ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here 116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length); | ^~~~~~~~~~~~~~~ ../../source4/torture/rpc/samr.c:2368:17: note: ‘old_nt_hash’ declared here 2368 | uint8_t old_nt_hash[16], new_nt_hash[16]; | ^~~~~~~~~~~ ../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser3’: ../../source4/torture/rpc/samr.c:2478:38: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized] 2478 | DATA_BLOB old_nt_hash_blob = data_blob_const(old_nt_hash, 16); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from ../../source4/../lib/util/samba_util.h:48, from ../../source4/include/includes.h:62, from ../../source4/torture/rpc/samr.c:24: ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here 116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length); | ^~~~~~~~~~~~~~~ ../../source4/torture/rpc/samr.c:2473:17: note: ‘old_nt_hash’ declared here 2473 | uint8_t old_nt_hash[16], new_nt_hash[16]; | ^~~~~~~~~~~ ../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordRandomBytes’: ../../source4/torture/rpc/samr.c:2794:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized] 2794 | = data_blob_const(old_nt_hash, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2795 | sizeof(old_nt_hash)); | ~~~~~~~~~~~~~~~~~~~~ In file included from ../../source4/../lib/util/samba_util.h:48, from ../../source4/include/includes.h:62, from ../../source4/torture/rpc/samr.c:24: ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here 116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length); | ^~~~~~~~~~~~~~~ ../../source4/torture/rpc/samr.c:2792:17: note: ‘old_nt_hash’ declared here 2792 | uint8_t old_nt_hash[16], new_nt_hash[16]; | ^~~~~~~~~~~ cc1: all warnings being treated as errors Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14699

../../source4/dsdb/common/util_links.c: In function ‘ndr_guid_compare’:
../../source4/dsdb/common/util_links.c:38:29: error: ‘v1_data’ may be used uninitialized [-Werror=maybe-uninitialized]
   38 |         struct ldb_val v1 = data_blob_const(v1_data, sizeof(v1_data));
      |                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
                 from ../../source4/include/includes.h:62,
                 from ../../source4/dsdb/common/util_links.c:22:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source4/dsdb/common/util_links.c:37:17: note: ‘v1_data’ declared here
   37 |         uint8_t v1_data[16];
      |                 ^~~~~~~
cc1: all warnings being treated as errors

[1729/3991] Compiling source3/smbd/smbXsrv_open.c
../../libcli/auth/smbencrypt.c: In function ‘decode_wkssvc_join_password_buffer’:
../../libcli/auth/smbencrypt.c:1045:32: error: ‘_confounder’ may be used uninitialized [-Werror=maybe-uninitialized]
 1045 |         DATA_BLOB confounder = data_blob_const(_confounder, 8);
      |                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
                 from ../../source4/include/includes.h:62,
                 from ../../libcli/auth/smbencrypt.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../libcli/auth/smbencrypt.c:1044:17: note: ‘_confounder’ declared here
 1044 |         uint8_t _confounder[8];
      |                 ^~~~~~~~~~~
cc1: all warnings being treated as errors

[2624/3991] Compiling source4/torture/rpc/samr.c
../../source3/rpc_client/cli_samr.c: In function ‘dcerpc_samr_chgpasswd_user2’:
../../source3/rpc_client/cli_samr.c:158:33: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
  158 |         DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
      |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source3/../lib/util/samba_util.h:48,
                 from ../../source3/include/includes.h:256,
                 from ../../source3/rpc_client/cli_samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source3/rpc_client/cli_samr.c:152:17: note: ‘old_nt_hash’ declared here
  152 |         uint8_t old_nt_hash[16];
      |                 ^~~~~~~~~~~
../../source3/rpc_client/cli_samr.c: In function ‘dcerpc_samr_chgpasswd_user3’:
../../source3/rpc_client/cli_samr.c:365:33: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
  365 |         DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
      |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source3/../lib/util/samba_util.h:48,
                 from ../../source3/include/includes.h:256,
                 from ../../source3/rpc_client/cli_samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source3/rpc_client/cli_samr.c:358:17: note: ‘old_nt_hash’ declared here
  358 |         uint8_t old_nt_hash[16];
      |                 ^~~~~~~~~~~
cc1: all warnings being treated as errors

[3399/3991] Compiling source3/rpcclient/cmd_spotlight.c
../../source3/smbd/smbXsrv_open.c: In function ‘smbXsrv_open_set_replay_cache’:
../../source3/smbd/smbXsrv_open.c:936:26: error: ‘data’ may be used uninitialized [-Werror=maybe-uninitialized]
  936 |         DATA_BLOB blob = data_blob_const(data, ARRAY_SIZE(data));
      |                          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source3/../lib/util/samba_util.h:48,
                 from ../../source3/include/includes.h:256,
                 from ../../source3/smbd/smbXsrv_open.c:21:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source3/smbd/smbXsrv_open.c:935:17: note: ‘data’ declared here
  935 |         uint8_t data[SMBXSRV_OPEN_REPLAY_CACHE_FIXED_SIZE];
      |                 ^~~~
cc1: all warnings being treated as errors

../../source3/rpcclient/cmd_spotlight.c: In function ‘cmd_mdssvc_fetch_properties’:
../../source3/rpcclient/cmd_spotlight.c:60:18: error: ‘share_path’ may be used uninitialized [-Werror=maybe-uninitialized]
   60 |         status = dcerpc_mdssvc_open(b, mem_ctx,
      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   61 |                                     &device_id,
      |                                     ~~~~~~~~~~~
   62 |                                     &unkn1,
      |                                     ~~~~~~~
   63 |                                     &unkn2,
      |                                     ~~~~~~~
   64 |                                     argv[2],
      |                                     ~~~~~~~~
   65 |                                     argv[1],
      |                                     ~~~~~~~~
   66 |                                     share_path,
      |                                     ~~~~~~~~~~~
   67 |                                     &share_handle);
      |                                     ~~~~~~~~~~~~~~
In file included from ../../source3/rpcclient/cmd_spotlight.c:24:
source3/../librpc/gen_ndr/ndr_mdssvc_c.h:26:10: note: by argument 8 of type ‘const char *’ to ‘dcerpc_mdssvc_open’ declared here
   26 | NTSTATUS dcerpc_mdssvc_open(struct dcerpc_binding_handle *h,
      |          ^~~~~~~~~~~~~~~~~~
../../source3/rpcclient/cmd_spotlight.c:40:14: note: ‘share_path’ declared here
   40 |         char share_path[1025];
      |              ^~~~~~~~~~
cc1: all warnings being treated as errors

../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser2’:
../../source4/torture/rpc/samr.c:2266:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
 2266 |                 = data_blob_const(old_nt_hash, sizeof(old_nt_hash));
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
                 from ../../source4/include/includes.h:62,
                 from ../../source4/torture/rpc/samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source4/torture/rpc/samr.c:2263:17: note: ‘old_nt_hash’ declared here
 2263 |         uint8_t old_nt_hash[16], new_nt_hash[16];
      |                 ^~~~~~~~~~~
../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser2_ntstatus’:
../../source4/torture/rpc/samr.c:2371:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
 2371 |                 = data_blob_const(old_nt_hash, sizeof(old_nt_hash));
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
                 from ../../source4/include/includes.h:62,
                 from ../../source4/torture/rpc/samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source4/torture/rpc/samr.c:2368:17: note: ‘old_nt_hash’ declared here
 2368 |         uint8_t old_nt_hash[16], new_nt_hash[16];
      |                 ^~~~~~~~~~~
../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser3’:
../../source4/torture/rpc/samr.c:2478:38: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
 2478 |         DATA_BLOB old_nt_hash_blob = data_blob_const(old_nt_hash, 16);
      |                                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
                 from ../../source4/include/includes.h:62,
                 from ../../source4/torture/rpc/samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source4/torture/rpc/samr.c:2473:17: note: ‘old_nt_hash’ declared here
 2473 |         uint8_t old_nt_hash[16], new_nt_hash[16];
      |                 ^~~~~~~~~~~
../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordRandomBytes’:
../../source4/torture/rpc/samr.c:2794:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
 2794 |                 = data_blob_const(old_nt_hash,
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
 2795 |                                   sizeof(old_nt_hash));
      |                                   ~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
                 from ../../source4/include/includes.h:62,
                 from ../../source4/torture/rpc/samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source4/torture/rpc/samr.c:2792:17: note: ‘old_nt_hash’ declared here
 2792 |         uint8_t old_nt_hash[16], new_nt_hash[16];
      |                 ^~~~~~~~~~~
cc1: all warnings being treated as errors

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
librpc: Remove the gensec dependency from library dcerpc-binding 2021-04-06T23:33:14+00:00 Volker Lendecke vl@samba.org 2021-04-02T11:41:21+00:00 4d3b6506d30e4bf302f832493dad00a83b73d370 This means yet another library, but having to depend on gensec just for dcerpc_parse_binding() and basic packet parsing seems like a bit overkill to me. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Apr 6 23:33:14 UTC 2021 on sn-devel-184 
This means yet another library, but having to depend on gensec just
for dcerpc_parse_binding() and basic packet parsing seems like a bit
overkill to me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr  6 23:33:14 UTC 2021 on sn-devel-184
CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init() 2020-09-18T12:48:38+00:00 Stefan Metzmacher metze@samba.org 2020-09-16T14:17:29+00:00 d3123858fb59046e826cf2c7ec2a3839e6508624 This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation: 7. If none of the first 5 bytes of the client challenge is unique, the server MUST fail session-key negotiation without further processing of the following steps. It lets ./zerologon_tester.py from https://github.com/SecuraBV/CVE-2020-1472.git report: "Attack failed. Target is probably patched." BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:

 7. If none of the first 5 bytes of the client challenge is unique, the
    server MUST fail session-key negotiation without further processing of
    the following steps.

It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values 2020-09-18T12:48:38+00:00 Stefan Metzmacher metze@samba.org 2020-09-16T14:15:26+00:00 53528c71ffdb3377c4e73ac596c8507bc3898e83 This is the check Windows is using, so we won't generate challenges, which are rejected by Windows DCs (and future Samba DCs). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
This is the check Windows is using, so we won't generate challenges,
which are rejected by Windows DCs (and future Samba DCs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c 2020-09-18T12:48:38+00:00 Stefan Metzmacher metze@samba.org 2020-09-16T14:08:38+00:00 46642fd32d91b008615b859cfdf946f63b1ca0aa This will avoid getting rejected by the server if we generate a weak challenge. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
This will avoid getting rejected by the server if we generate
a weak challenge.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge() 2020-09-18T12:48:38+00:00 Stefan Metzmacher metze@samba.org 2020-09-16T14:04:57+00:00 b813cdcac377210c3ab18e0d0a0c1a76870b1d74 It's good to have just a single isolated function that will generate random challenges, in future we can add some logic in order to avoid weak values, which are likely to be rejected by a server. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth 2020-05-04T02:59:31+00:00 Gary Lockyer gary@catalyst.net.nz 2020-04-02T23:18:03+00:00 f467727db5ff6a6e58d9b590e4d443a1d974b679 Add maximum parse tree depth to the call to asn1_init, which will be used to limit the depth of the ASN.1 parse tree. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth: Avoid casts in ntlm_check.c 2020-01-06T03:12:19+00:00 Volker Lendecke vl@samba.org 2020-01-03T13:24:13+00:00 e4ad0013787a726bfc3d1ba3644b60a6c77ace37 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Mon Jan 6 03:12:20 UTC 2020 on sn-devel-184 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon Jan  6 03:12:20 UTC 2020 on sn-devel-184
auth: Check for talloc failure in smb_sess_key_ntlmv2() 2020-01-06T01:47:30+00:00 Volker Lendecke vl@samba.org 2020-01-03T13:04:02+00:00 e02d24c0875eb04a53c19119148f5203374382e0 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
auth: Slightly simplify smb_pwd_check_ntlmv1() 2020-01-06T01:47:30+00:00 Volker Lendecke vl@samba.org 2020-01-03T13:10:00+00:00 4014d91b9a68aa2161421896a82d84e4211e480e Do an early return for the failure case Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Do an early return for the failure case

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>