credentials: Always honour the return value of E_deshash()

When this returns false, the hash value is not correct as the password
could not be converted into an uppercase, 14 char or less ASCII string.

Andrew Bartlett

diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index 7f4af4f08cd8183b829e5bf6b9f6aefe47e30cf4..2d6d6f6c55e6800019662d6e7fd1a00ce648a5d1 100644 (file)
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -174,8 +174,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
                                        lm_response = nt_response;
                                        /* LM Key is incompatible with 'long' passwords */
                                        *flags &= ~CLI_CRED_LANMAN_AUTH;
-                               } else {
-                                       E_deshash(password, lm_hash);
+                               } else if (E_deshash(password, lm_hash)) {
                                        lm_session_key = data_blob_talloc(mem_ctx, NULL, 16);
                                        memcpy(lm_session_key.data, lm_hash, 8);
                                        memset(&lm_session_key.data[8], '\0', 8);
@@ -193,8 +192,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
                        *flags &= ~CLI_CRED_LANMAN_AUTH;
 
                        password = cli_credentials_get_password(cred);
-                       if (password) {
-                               E_deshash(password, lm_hash);
+                       if (password && E_deshash(password, lm_hash)) {
                                lm_session_key = data_blob_talloc(mem_ctx, NULL, 16);
                                memcpy(lm_session_key.data, lm_hash, 8);
                                memset(&lm_session_key.data[8], '\0', 8);