diff options
author | Stefan Metzmacher <metze@samba.org> | 2022-12-12 14:03:50 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-13 21:37:58 +0100 |
commit | b9269801ed6bc034da924cdedd0b6a2938a1379f (patch) | |
tree | 030d83601067bddb90f1ae9aa1b4f615ac665383 | |
parent | 9669a41693b8da410cf57e21f2de7c7e6e4c4235 (diff) | |
download | samba-b9269801ed6bc034da924cdedd0b6a2938a1379f.tar.gz |
CVE-2022-38023 s4:rpc_server/netlogon: add talloc_stackframe() to dcesrv_netr_creds_server_step_check()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0e6a2ba83ef1be3c6a0f5514c21395121621a145)
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index b85d2253d3c..5dfd84d939d 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -634,6 +634,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc struct netlogon_creds_CredentialState **creds_out) { struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; + TALLOC_CTX *frame = talloc_stackframe(); NTSTATUS nt_status; int schannel = lpcfg_server_schannel(lp_ctx); bool schannel_global_required = (schannel == true); @@ -677,6 +678,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc if (schannel_required) { if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) { *creds_out = creds; + TALLOC_FREE(frame); return NT_STATUS_OK; } @@ -684,13 +686,15 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc "%s request (opnum[%u]) without schannel from " "client_account[%s] client_computer_name[%s]\n", opname, opnum, - log_escape(mem_ctx, creds->account_name), - log_escape(mem_ctx, creds->computer_name)); + log_escape(frame, creds->account_name), + log_escape(frame, creds->computer_name)); DBG_ERR("CVE-2020-1472(ZeroLogon): Check if option " - "'server require schannel:%s = no' is needed! \n", - log_escape(mem_ctx, creds->account_name)); + "'server require schannel:%s = no' " + "might be needed for a legacy client.\n", + log_escape(frame, creds->account_name)); TALLOC_FREE(creds); ZERO_STRUCTP(return_authenticator); + TALLOC_FREE(frame); return NT_STATUS_ACCESS_DENIED; } @@ -699,13 +703,14 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc "%s request (opnum[%u]) WITH schannel from " "client_account[%s] client_computer_name[%s]\n", opname, opnum, - log_escape(mem_ctx, creds->account_name), - log_escape(mem_ctx, creds->computer_name)); + log_escape(frame, creds->account_name), + log_escape(frame, creds->computer_name)); DBG_ERR("CVE-2020-1472(ZeroLogon): " "Option 'server require schannel:%s = no' not needed!?\n", - log_escape(mem_ctx, creds->account_name)); + log_escape(frame, creds->account_name)); *creds_out = creds; + TALLOC_FREE(frame); return NT_STATUS_OK; } @@ -715,24 +720,25 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc "%s request (opnum[%u]) without schannel from " "client_account[%s] client_computer_name[%s]\n", opname, opnum, - log_escape(mem_ctx, creds->account_name), - log_escape(mem_ctx, creds->computer_name)); + log_escape(frame, creds->account_name), + log_escape(frame, creds->computer_name)); DBG_INFO("CVE-2020-1472(ZeroLogon): " "Option 'server require schannel:%s = no' still needed!\n", - log_escape(mem_ctx, creds->account_name)); + log_escape(frame, creds->account_name)); } else { DBG_ERR("CVE-2020-1472(ZeroLogon): " "%s request (opnum[%u]) without schannel from " "client_account[%s] client_computer_name[%s]\n", opname, opnum, - log_escape(mem_ctx, creds->account_name), - log_escape(mem_ctx, creds->computer_name)); + log_escape(frame, creds->account_name), + log_escape(frame, creds->computer_name)); DBG_ERR("CVE-2020-1472(ZeroLogon): Check if option " "'server require schannel:%s = no' might be needed!\n", - log_escape(mem_ctx, creds->account_name)); + log_escape(frame, creds->account_name)); } *creds_out = creds; + TALLOC_FREE(frame); return NT_STATUS_OK; } |