Make decode_wkssvc_join_password_buffer() return WERRORs.

Guenther
(This used to be commit 88e9da2f14b41a62bdb478f9ffc2de66643bbf14)

diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 8793fdcb55ef9b8fd5fa200fdbee9ddb06f44406..9e37d1d6cfa4b98b822559471b4ac1ceacb01796 100644 (file)
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -731,10 +731,10 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
        data_blob_free(&confounded_session_key);
 }
 
-void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
-                                       struct wkssvc_PasswordBuffer *pwd_buf,
-                                       DATA_BLOB *session_key,
-                                       char **pwd)
+WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
+                                         struct wkssvc_PasswordBuffer *pwd_buf,
+                                         DATA_BLOB *session_key,
+                                         char **pwd)
 {
        uint8_t buffer[516];
        struct MD5Context ctx;
@@ -745,6 +745,11 @@ void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
        int confounder_len = 8;
        uint8_t confounder[8];
 
+       if (session_key->length != 16) {
+               DEBUG(10,("invalid session key\n"));
+               return WERR_BAD_PASSWORD;
+       }
+
        memcpy(&confounder, &pwd_buf->data[0], confounder_len);
        memcpy(&buffer, &pwd_buf->data[8], 516);
 
@@ -755,7 +760,11 @@ void decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 
        SamOEMhashBlob(buffer, 516, &confounded_session_key);
 
-       decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE);
+       if (!decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, STR_UNICODE)) {
+               return WERR_BAD_PASSWORD;
+       }
 
        data_blob_free(&confounded_session_key);
+
+       return WERR_OK;
 }