oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Overwrite the first 4 bytes of the encrypted checksum with a random

Browse Source 
number (or so davenport tells me). Interesting question, is this
really how it worked, not that the first 4 bytes is a nonce/iv to hide
first bytes of the rc4 stream, in the end it doesn't matter, it fact
the bits didn't even need to go over the network.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19454 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-12-19 17:03:01 +00:00
parent 02e6aa25a4
commit 5e734075a4
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/gssapi/ntlm/crypto.c
View File

@@ -110,6 +110,11 @@ OM_uint32 _gss_ntlm_get_mic
RC4(&ctx->crypto.key, sizeof(sigature), RC4(&ctx->crypto.key, sizeof(sigature),
sigature, ((unsigned char *)message_token->value) + 4); sigature, ((unsigned char *)message_token->value) + 4);
if (RAND_bytes(((unsigned char *)message_token->value) + 4, 4) != 1){
gss_release_buffer(&junk, message_token);
return GSS_S_UNAVAILABLE;
}
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} else if (ctx->flags & NTLM_NEG_ALWAYS_SIGN) { } else if (ctx->flags & NTLM_NEG_ALWAYS_SIGN) {
unsigned char *sigature; unsigned char *sigature;
@@ -166,9 +171,7 @@ _gss_ntlm_verify_mic
_krb5_crc_init_table(); _krb5_crc_init_table();
crc = _krb5_crc_update(message_buffer->value, crc = _krb5_crc_update(message_buffer->value,
message_buffer->length, 0); message_buffer->length, 0);
decode_le_uint32(&sigature[0], &num); /* skip first 4 bytes in the encrypted checksum */
if (num != 0)
return GSS_S_BAD_MIC;
decode_le_uint32(&sigature[4], &num); decode_le_uint32(&sigature[4], &num);
if (num != crc) if (num != crc)
return GSS_S_BAD_MIC; return GSS_S_BAD_MIC;