[SCM] Samba Shared Repository - branch master updated

Pavel Filipensky Tue, 13 Jan 2026 04:35:29 -0800

The branch, master has been updated
       via  e7e0b69f04b auth/ntlmssp: Zero memory in ntlmssp_client.c
       via  030bd50b795 auth/ntlmssp: Add missing memory allocation checks is 
ntlmssp_client.c
       via  6e693cea8c2 auth/ntlmssp: Zero sensitive memory in gensec_ntlmssp.c
       via  f8d74b4a486 source3/auth: Zero memory in auth_util.c
       via  e1c93dc2b49 auth/credentials: Zero memory in credentials_ntlm.c
       via  7870a493712 auth/kerberos: Zero sensitive memory in gssapi_pac.c
       via  d5d5475a083 auth/kerberos: Check memory allocation in 
gssapi_get_session_key()
       via  ad93bcef169 auth: Fix trailing whitespaces in gssapi_pac.c
       via  c3cafe34c8b lib/krb5_wrap: Check memory allocation in 
smb_krb5_get_smb_session_key()
       via  4b9990e52f5 lib/krb5_wrap: Zero sensitive memory in krb5_samba.c
       via  8980aca4d91 s4: Fix trailing whitespaces in sesssetup.c
       via  08adb5fbaaf auth: Fix typo "pass-though" ->  "pass-through"
       via  2111573b42c libcli:auth: Fix trailing whitespaces in ntlm_check.c
      from  962d5854bd9 s3:lib/util_sock: allow {before,after}_connect hooks to 
be passed to open_socket_out_send()


https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e7e0b69f04be4e5a300ee84d53833f287ee81f2e
Author: Pavel Filipenský <[email protected]>
Date:   Tue Dec 9 11:25:05 2025 +0100

    auth/ntlmssp: Zero memory in ntlmssp_client.c
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    
    Autobuild-User(master): Pavel Filipensky <[email protected]>
    Autobuild-Date(master): Tue Jan 13 12:34:02 UTC 2026 on atb-devel-224

commit 030bd50b7954932ed748d087ccf66d743fe920a7
Author: Pavel Filipenský <[email protected]>
Date:   Tue Dec 9 11:27:07 2025 +0100

    auth/ntlmssp: Add missing memory allocation checks is ntlmssp_client.c
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit 6e693cea8c241b6cd8abf66005c3dd1f4ce9c436
Author: Pavel Filipenský <[email protected]>
Date:   Thu Nov 6 12:38:39 2025 +0100

    auth/ntlmssp: Zero sensitive memory in gensec_ntlmssp.c
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit f8d74b4a486221013a0ccd281725100390d579cb
Author: Pavel Filipenský <[email protected]>
Date:   Sun Nov 23 10:52:57 2025 +0100

    source3/auth: Zero memory in auth_util.c
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit e1c93dc2b49b3139d5a38662009cde0f3220a966
Author: Pavel Filipenský <[email protected]>
Date:   Thu Nov 6 17:09:42 2025 +0100

    auth/credentials: Zero memory in credentials_ntlm.c
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit 7870a49371226b3218fb9ce1e97c1ec4bf2f1294
Author: Pavel Filipenský <[email protected]>
Date:   Thu Dec 4 13:03:58 2025 +0100

    auth/kerberos: Zero sensitive memory in gssapi_pac.c
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit d5d5475a0839c4ae5935106542b204e4fa8c48da
Author: Pavel Filipenský <[email protected]>
Date:   Thu Dec 4 13:02:19 2025 +0100

    auth/kerberos: Check memory allocation in gssapi_get_session_key()
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit ad93bcef1690dedd1166b8e2c29d9546222faa4e
Author: Pavel Filipenský <[email protected]>
Date:   Thu Nov 6 15:05:04 2025 +0100

    auth: Fix trailing whitespaces in gssapi_pac.c
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit c3cafe34c8b3a7f1981c2f1cb250f2727971628f
Author: Pavel Filipenský <[email protected]>
Date:   Thu Dec 4 12:50:29 2025 +0100

    lib/krb5_wrap: Check memory allocation in smb_krb5_get_smb_session_key()
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit 4b9990e52f52082fe8c6ba55947698044741b5b1
Author: Pavel Filipenský <[email protected]>
Date:   Thu Dec 4 12:49:32 2025 +0100

    lib/krb5_wrap: Zero sensitive memory in krb5_samba.c
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit 8980aca4d91f83f32468cec1c1b70ee3b3f70d5c
Author: Pavel Filipenský <[email protected]>
Date:   Thu Nov 6 11:59:59 2025 +0100

    s4: Fix trailing whitespaces in sesssetup.c
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit 08adb5fbaaf037782b32b99ba46e820c0a4dfca8
Author: Pavel Filipenský <[email protected]>
Date:   Thu Nov 6 21:44:56 2025 +0100

    auth: Fix typo "pass-though" ->  "pass-through"
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit 2111573b42cd428acae5134b2cb065d6048d1fd8
Author: Pavel Filipenský <[email protected]>
Date:   Thu Nov 6 21:44:56 2025 +0100

    libcli:auth: Fix trailing whitespaces in ntlm_check.c
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 auth/credentials/credentials_internal.h |   2 +-
 auth/credentials/credentials_ntlm.c     |  74 +++++++++++-----------
 auth/kerberos/gssapi_pac.c              |  21 +++++--
 auth/ntlmssp/gensec_ntlmssp.c           |   4 +-
 auth/ntlmssp/ntlmssp_client.c           |  34 +++++++---
 lib/krb5_wrap/krb5_samba.c              |  13 +++-
 libcli/auth/ntlm_check.c                | 106 ++++++++++++++++----------------
 source3/auth/auth_util.c                |  20 +++---
 source4/smb_server/smb/sesssetup.c      |  30 ++++-----
 9 files changed, 167 insertions(+), 137 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/credentials/credentials_internal.h 
b/auth/credentials/credentials_internal.h
index 72ec390ad7e..72a8643d297 100644
--- a/auth/credentials/credentials_internal.h
+++ b/auth/credentials/credentials_internal.h
@@ -68,7 +68,7 @@ struct cli_credentials {
        struct samr_Password *nt_hash;
        struct samr_Password *old_nt_hash;
 
-       /* Allows NTLM pass-though authentication */
+       /* Allows NTLM pass-through authentication */
        DATA_BLOB lm_response;
        DATA_BLOB lm_session_key;
        DATA_BLOB nt_response;
diff --git a/auth/credentials/credentials_ntlm.c 
b/auth/credentials/credentials_ntlm.c
index 002ce4bd060..fa9aa72f3d6 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -59,35 +59,35 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct 
cli_credentials *cred
        }
 
        /* We may already have an NTLM response we prepared earlier.
-        * This is used for NTLM pass-though authentication */
+        * This is used for NTLM pass-through authentication */
        if (cred->nt_response.data || cred->lm_response.data) {
                if (cred->nt_response.length != 0) {
-                       nt_response = data_blob_dup_talloc(frame,
-                                                          cred->nt_response);
+                       nt_response = data_blob_dup_talloc_s(frame,
+                                                            cred->nt_response);
                        if (nt_response.data == NULL) {
                                TALLOC_FREE(frame);
                                return NT_STATUS_NO_MEMORY;
                        }
                }
                if (cred->nt_session_key.length != 0) {
-                       session_key = data_blob_dup_talloc(frame,
-                                                          
cred->nt_session_key);
+                       session_key = data_blob_dup_talloc_s(
+                               frame, cred->nt_session_key);
                        if (session_key.data == NULL) {
                                TALLOC_FREE(frame);
                                return NT_STATUS_NO_MEMORY;
                        }
                }
                if (cred->lm_response.length != 0) {
-                       lm_response = data_blob_dup_talloc(frame,
-                                                          cred->lm_response);
+                       lm_response = data_blob_dup_talloc_s(frame,
+                                                            cred->lm_response);
                        if (lm_response.data == NULL) {
                                TALLOC_FREE(frame);
                                return NT_STATUS_NO_MEMORY;
                        }
                }
                if (cred->lm_session_key.length != 0) {
-                       lm_session_key = data_blob_dup_talloc(frame,
-                                                             
cred->lm_session_key);
+                       lm_session_key = data_blob_dup_talloc_s(
+                               frame, cred->lm_session_key);
                        if (lm_session_key.data == NULL) {
                                TALLOC_FREE(frame);
                                return NT_STATUS_NO_MEMORY;
@@ -128,12 +128,12 @@ _PUBLIC_ NTSTATUS 
cli_credentials_get_ntlm_response(struct cli_credentials *cred
                /* do nothing - blobs are zero length */
 
                /* session key is all zeros */
-               session_key = data_blob_talloc_zero(frame, 16);
+               session_key = data_blob_talloc_zero_s(frame, 16);
                if (session_key.data == NULL) {
                        TALLOC_FREE(frame);
                        return NT_STATUS_NO_MEMORY;
                }
-               lm_session_key = data_blob_talloc_zero(frame, 16);
+               lm_session_key = data_blob_talloc_zero_s(frame, 16);
                if (lm_session_key.data == NULL) {
                        TALLOC_FREE(frame);
                        return NT_STATUS_NO_MEMORY;
@@ -177,7 +177,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct 
cli_credentials *cred
                uint8_t session_nonce_hash[16];
                uint8_t user_session_key[16];
 
-               lm_response = data_blob_talloc_zero(frame, 24);
+               lm_response = data_blob_talloc_zero_s(frame, 24);
                if (lm_response.data == NULL) {
                        TALLOC_FREE(frame);
                        return NT_STATUS_NO_MEMORY;
@@ -199,7 +199,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct 
cli_credentials *cred
                DEBUG(5, ("challenge is: \n"));
                dump_data(5, session_nonce_hash, 8);
 
-               nt_response = data_blob_talloc_zero(frame, 24);
+               nt_response = data_blob_talloc_zero_s(frame, 24);
                if (nt_response.data == NULL) {
                        TALLOC_FREE(frame);
                        return NT_STATUS_NO_MEMORY;
@@ -214,7 +214,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct 
cli_credentials *cred
 
                ZERO_ARRAY(session_nonce_hash);
 
-               session_key = data_blob_talloc_zero(frame, 16);
+               session_key = data_blob_talloc_zero_s(frame, 16);
                if (session_key.data == NULL) {
                        TALLOC_FREE(frame);
                        return NT_STATUS_NO_MEMORY;
@@ -243,7 +243,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct 
cli_credentials *cred
                uint8_t lm_hash[16];
                bool do_lm = false;
 
-               nt_response = data_blob_talloc_zero(frame, 24);
+               nt_response = data_blob_talloc_zero_s(frame, 24);
                if (nt_response.data == NULL) {
                        TALLOC_FREE(frame);
                        return NT_STATUS_NO_MEMORY;
@@ -255,7 +255,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct 
cli_credentials *cred
                        return gnutls_error_to_ntstatus(rc, 
NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
                }
 
-               session_key = data_blob_talloc_zero(frame, 16);
+               session_key = data_blob_talloc_zero_s(frame, 16);
                if (session_key.data == NULL) {
                        TALLOC_FREE(frame);
                        return NT_STATUS_NO_MEMORY;
@@ -271,7 +271,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct 
cli_credentials *cred
                }
 
                if (*flags & CLI_CRED_LANMAN_AUTH && do_lm) {
-                       lm_response = data_blob_talloc_zero(frame, 24);
+                       lm_response = data_blob_talloc_zero_s(frame, 24);
                        if (lm_response.data == NULL) {
                                ZERO_STRUCT(lm_hash);
                                TALLOC_FREE(frame);
@@ -288,7 +288,8 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct 
cli_credentials *cred
                        }
                } else {
                        /* just copy the nt_response */
-                       lm_response = data_blob_dup_talloc(frame, nt_response);
+                       lm_response = data_blob_dup_talloc_s(frame,
+                                                            nt_response);
                        if (lm_response.data == NULL) {
                                ZERO_STRUCT(lm_hash);
                                TALLOC_FREE(frame);
@@ -297,7 +298,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct 
cli_credentials *cred
                }
 
                if (do_lm) {
-                       lm_session_key = data_blob_talloc_zero(frame, 16);
+                       lm_session_key = data_blob_talloc_zero_s(frame, 16);
                        if (lm_session_key.data == NULL) {
                                ZERO_STRUCT(lm_hash);
                                TALLOC_FREE(frame);
@@ -316,26 +317,18 @@ done:
        if (_lm_response != NULL) {
                talloc_steal(mem_ctx, lm_response.data);
                *_lm_response = lm_response;
-       } else {
-               data_blob_clear(&lm_response);
        }
        if (_nt_response != NULL) {
                talloc_steal(mem_ctx, nt_response.data);
                *_nt_response = nt_response;
-       } else {
-               data_blob_clear(&nt_response);
        }
        if (_lm_session_key != NULL) {
                talloc_steal(mem_ctx, lm_session_key.data);
                *_lm_session_key = lm_session_key;
-       } else {
-               data_blob_clear(&lm_session_key);
        }
        if (_session_key != NULL) {
                talloc_steal(mem_ctx, session_key.data);
                *_session_key = session_key;
-       } else {
-               data_blob_clear(&session_key);
        }
        TALLOC_FREE(frame);
        return NT_STATUS_OK;
@@ -372,6 +365,7 @@ _PUBLIC_ bool cli_credentials_set_utf16_password(struct 
cli_credentials *cred,
        if (nt_hash == NULL) {
                return false;
        }
+       talloc_keep_secret(nt_hash);
 
        ok = convert_string_talloc(cred,
                                   CH_UTF16MUNGED, CH_UTF8,
@@ -384,6 +378,7 @@ _PUBLIC_ bool cli_credentials_set_utf16_password(struct 
cli_credentials *cred,
                return false;
        }
 
+       talloc_keep_secret(password_talloc);
        ok = cli_credentials_set_password(cred, password_talloc, obtained);
        TALLOC_FREE(password_talloc);
        if (!ok) {
@@ -419,6 +414,7 @@ _PUBLIC_ bool cli_credentials_set_old_utf16_password(struct 
cli_credentials *cre
        if (nt_hash == NULL) {
                return false;
        }
+       talloc_keep_secret(nt_hash);
 
        ok = convert_string_talloc(cred,
                                   CH_UTF16MUNGED, CH_UTF8,
@@ -479,6 +475,7 @@ _PUBLIC_ bool cli_credentials_set_nt_hash(struct 
cli_credentials *cred,
                if (cred->nt_hash == NULL) {
                        return false;
                }
+               talloc_keep_secret(cred->nt_hash);
                *cred->nt_hash = *nt_hash;
        } else {
                cred->nt_hash = NULL;
@@ -495,6 +492,7 @@ _PUBLIC_ bool cli_credentials_set_old_nt_hash(struct 
cli_credentials *cred,
                if (cred->old_nt_hash == NULL) {
                        return false;
                }
+               talloc_keep_secret(cred->old_nt_hash);
                *cred->old_nt_hash = *nt_hash;
        } else {
                cred->old_nt_hash = NULL;
@@ -522,34 +520,32 @@ _PUBLIC_ bool cli_credentials_set_ntlm_response(struct 
cli_credentials *cred,
        data_blob_clear_free(&cred->nt_session_key);
 
        if (lm_response != NULL && lm_response->length != 0) {
-               cred->lm_response = data_blob_talloc(cred,
-                                                    lm_response->data,
-                                                    lm_response->length);
+               cred->lm_response = data_blob_talloc_s(cred,
+                                                      lm_response->data,
+                                                      lm_response->length);
                if (cred->lm_response.data == NULL) {
                        return false;
                }
        }
        if (lm_session_key != NULL && lm_session_key->length != 0) {
-               cred->lm_session_key = data_blob_talloc(cred,
-                                                       lm_session_key->data,
-                                                       lm_session_key->length);
+               cred->lm_session_key = data_blob_talloc_s(
+                       cred, lm_session_key->data, lm_session_key->length);
                if (cred->lm_session_key.data == NULL) {
                        return false;
                }
        }
 
        if (nt_response != NULL && nt_response->length != 0) {
-               cred->nt_response = data_blob_talloc(cred,
-                                                    nt_response->data,
-                                                    nt_response->length);
+               cred->nt_response = data_blob_talloc_s(cred,
+                                                      nt_response->data,
+                                                      nt_response->length);
                if (cred->nt_response.data == NULL) {
                        return false;
                }
        }
        if (nt_session_key != NULL && nt_session_key->length != 0) {
-               cred->nt_session_key = data_blob_talloc(cred,
-                                                       nt_session_key->data,
-                                                       nt_session_key->length);
+               cred->nt_session_key = data_blob_talloc_s(
+                       cred, nt_session_key->data, nt_session_key->length);
                if (cred->nt_session_key.data == NULL) {
                        return false;
                }
diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
index 4ad787396aa..9a575480c77 100644
--- a/auth/kerberos/gssapi_pac.c
+++ b/auth/kerberos/gssapi_pac.c
@@ -195,7 +195,7 @@ NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
 
 NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
                                gss_ctx_id_t gssapi_context,
-                               DATA_BLOB *session_key, 
+                               DATA_BLOB *session_key,
                                uint32_t *keytype)
 {
        OM_uint32 gss_min, gss_maj;
@@ -226,8 +226,13 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
                        return NT_STATUS_NO_USER_SESSION_KEY;
                }
                if (session_key) {
-                       *session_key = data_blob_talloc(mem_ctx,
-                                                       KRB5_KEY_DATA(subkey), 
KRB5_KEY_LENGTH(subkey));
+                       *session_key = data_blob_talloc_s(mem_ctx,
+                                                         KRB5_KEY_DATA(subkey),
+                                                         KRB5_KEY_LENGTH(
+                                                                 subkey));
+                       if (session_key->data == NULL) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
                }
                if (keytype) {
                        *keytype = KRB5_KEY_TYPE(subkey);
@@ -241,8 +246,12 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
        }
 
        if (session_key) {
-               *session_key = data_blob_talloc(mem_ctx, set->elements[0].value,
-                                               set->elements[0].length);
+               *session_key = data_blob_talloc_s(mem_ctx,
+                                                 set->elements[0].value,
+                                                 set->elements[0].length);
+               if (session_key->data == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
        }
 
        if (keytype) {
@@ -263,7 +272,7 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
                        }
 #endif
                        gss_release_buffer_set(&gss_min, &set);
-       
+
                        return NT_STATUS_OK;
 
                } else if (memcmp(set->elements[1].value,
diff --git a/auth/ntlmssp/gensec_ntlmssp.c b/auth/ntlmssp/gensec_ntlmssp.c
index 329d8eb4751..ba5beb0a1de 100644
--- a/auth/ntlmssp/gensec_ntlmssp.c
+++ b/auth/ntlmssp/gensec_ntlmssp.c
@@ -57,7 +57,9 @@ NTSTATUS gensec_ntlmssp_session_key(struct gensec_security 
*gensec_security,
        if (!ntlmssp_state->session_key.data) {
                return NT_STATUS_NO_USER_SESSION_KEY;
        }
-       *session_key = data_blob_talloc(mem_ctx, 
ntlmssp_state->session_key.data, ntlmssp_state->session_key.length);
+       *session_key = data_blob_talloc_s(mem_ctx,
+                                         ntlmssp_state->session_key.data,
+                                         ntlmssp_state->session_key.length);
        if (!session_key->data) {
                return NT_STATUS_NO_MEMORY;
        }
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index f8b3f9c0b3a..2cfa3b10384 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -463,16 +463,16 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security 
*gensec_security,
                        return NT_STATUS_WRONG_CREDENTIAL_HANDLE;
                }
 
-               session_key = data_blob_talloc(mem_ctx,
-                                              wbc_session_key->data,
-                                              wbc_session_key->length);
+               session_key = data_blob_talloc_s(mem_ctx,
+                                                wbc_session_key->data,
+                                                wbc_session_key->length);
                if (session_key.length != wbc_session_key->length) {
                        wbcFreeMemory(info);
                        return NT_STATUS_NO_MEMORY;
                }
-               *out = data_blob_talloc(mem_ctx,
-                                       wbc_auth_blob->data,
-                                       wbc_auth_blob->length);
+               *out = data_blob_talloc_s(mem_ctx,
+                                         wbc_auth_blob->data,
+                                         wbc_auth_blob->length);
                if (out->length != wbc_auth_blob->length) {
                        wbcFreeMemory(info);
                        return NT_STATUS_NO_MEMORY;
@@ -665,7 +665,12 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security 
*gensec_security,
 
        if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
            && ntlmssp_state->allow_lm_key && lm_session_key.length == 16) {
-               DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+               DATA_BLOB new_session_key = data_blob_talloc_s(mem_ctx,
+                                                              NULL,
+                                                              16);
+               if (new_session_key.data == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
                if (lm_response.length == 24) {
                        nt_status = 
SMBsesskeygen_lm_sess_key(lm_session_key.data,
                                                              lm_response.data,
@@ -701,8 +706,13 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security 
*gensec_security,
                generate_random_buffer(client_session_key, 
sizeof(client_session_key));
 
                /* Encrypt the new session key with the old one */
-               encrypted_session_key = data_blob_talloc(ntlmssp_state,
+               encrypted_session_key = data_blob_talloc_s(ntlmssp_state,
                                                         client_session_key, 
sizeof(client_session_key));
+               if (encrypted_session_key.data == NULL) {
+                       nt_status = NT_STATUS_NO_MEMORY;
+                       ZERO_ARRAY(client_session_key);
+                       goto done;
+               }
                dump_data_pw("KEY_EXCH session key:\n", 
encrypted_session_key.data, encrypted_session_key.length);
 
                rc = gnutls_cipher_init(&cipher_hnd,
@@ -727,8 +737,14 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security 
*gensec_security,
                dump_data_pw("KEY_EXCH session key (enc):\n", 
encrypted_session_key.data, encrypted_session_key.length);
 
                /* Mark the new session key as the 'real' session key */
-               session_key = data_blob_talloc(mem_ctx, client_session_key, 
sizeof(client_session_key));
+               session_key = data_blob_talloc_s(mem_ctx,
+                                                client_session_key,
+                                                sizeof(client_session_key));
                ZERO_ARRAY(client_session_key);
+               if (session_key.data == NULL) {
+                       nt_status = NT_STATUS_NO_MEMORY;
+                       goto done;
+               }
        }
 
        /* this generates the actual auth packet */
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index dcf91348d1a..abb44b5d515 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1048,9 +1048,13 @@ bool smb_krb5_get_smb_session_key(TALLOC_CTX *mem_ctx,
        DEBUG(10, ("Got KRB5 session key of length %d\n",
                   (int)KRB5_KEY_LENGTH(skey)));
 
-       *session_key = data_blob_talloc(mem_ctx,
-                                        KRB5_KEY_DATA(skey),
-                                        KRB5_KEY_LENGTH(skey));
+       *session_key = data_blob_talloc_s(mem_ctx,
+                                         KRB5_KEY_DATA(skey),
+                                         KRB5_KEY_LENGTH(skey));
+       if (session_key->data == NULL) {
+               DBG_WARNING("No memory for session key\n");
+               goto done;
+       }
        dump_data_pw("KRB5 Session Key:\n",
                     session_key->data,
                     session_key->length);
@@ -2210,14 +2214,17 @@ krb5_error_code 
smb_krb5_kinit_keyblock_ccache(krb5_context ctx,
                      SMB_CREDS_KEYTAB,
                      &my_creds);
        if (rc < 0) {
+               ZERO_STRUCT(entry);
                return KRB5_KT_BADNAME;
        }
        code = krb5_kt_resolve(ctx, tmp_name, &keytab);
        if (code) {
+               ZERO_STRUCT(entry);
                return code;
        }
 
        code = krb5_kt_add_entry(ctx, keytab, &entry);
+       ZERO_STRUCT(entry);
        if (code) {
                (void)krb5_kt_close(ctx, keytab);
                goto done;
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index a2388706bcf..190d5e73332 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -1,4 +1,4 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    Password and authentication handling
    Copyright (C) Andrew Bartlett <[email protected]> 2001-2004
@@ -126,8 +126,8 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
        }
 
        client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, 
ntv2_response->length-16);
-       /* 
-          todo:  should we be checking this for anything?  We can't for LMv2, 
+       /*
+          todo:  should we be checking this for anything?  We can't for LMv2,
           but for NTLMv2 it is meant to contain the current time etc.
        */
 
@@ -262,8 +262,8 @@ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
                             enum ntlm_auth_level ntlm_auth,
                             const struct samr_Password *client_lanman,
                             const struct samr_Password *client_nt,
-                            const char *username, 
-                            const struct samr_Password *stored_lanman, 
+                            const char *username,
+                            const struct samr_Password *stored_lanman,
                             const struct samr_Password *stored_nt)
 {
        if (ntlm_auth == NTLM_AUTH_DISABLED) {
@@ -334,12 +334,12 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
                             const DATA_BLOB *challenge,
                             const DATA_BLOB *lm_response,
                             const DATA_BLOB *nt_response,
-                            const char *username, 
-                            const char *client_username, 
+                            const char *username,
+                            const char *client_username,
                             const char *client_domain,
-                            const struct samr_Password *stored_lanman, 
-                            const struct samr_Password *stored_nt, 
-                            DATA_BLOB *user_sess_key, 
+                            const struct samr_Password *stored_lanman,
+                            const struct samr_Password *stored_nt,
+                            DATA_BLOB *user_sess_key,
                             DATA_BLOB *lm_sess_key)
 {
        DATA_BLOB tmp_sess_key;
@@ -359,7 +359,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
        }
 
        if (stored_nt == NULL) {
-               DEBUG(3,("ntlm_password_check: NO NT password stored for user 
%s.\n", 
+               DEBUG(3,("ntlm_password_check: NO NT password stored for user 
%s.\n",
                         username));
        }
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to