From e46fdd96cf0cea2415e7dfd49d7f204c53bac762 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Wed, 4 Jan 2023 17:23:41 +0100 Subject: [PATCH 37/40] CVE-2022-38023 s3:rpc_server/netlogon: Rename variable This will simplify the following changes. Signed-off-by: Samuel Cabrero Conflict: NA Reference: https://attachments.samba.org/attachment.cgi?id=17736 --- source3/rpc_server/netlogon/srv_netlog_nt.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index a66b929b479..b7c8e2c928e 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -1071,9 +1071,10 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p, { TALLOC_CTX *frame = talloc_stackframe(); NTSTATUS status; + const char *explicit_opt = NULL; bool schannel_global_required = (lp_server_schannel() == true) ? true:false; bool schannel_required = schannel_global_required; - const char *explicit_opt = NULL; + bool schannel_explicitly_set = false; int CVE_2020_1472_warn_level = lp_parm_int(GLOBAL_SECTION_SNUM, "CVE_2020_1472", "warn_about_unused_debug_level", DBGLVL_ERR); int CVE_2020_1472_error_level = lp_parm_int(GLOBAL_SECTION_SNUM, @@ -1112,11 +1113,12 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p, if (explicit_opt != NULL) { schannel_required = lp_bool(explicit_opt); } + schannel_explicitly_set = explicit_opt != NULL; if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) { status = NT_STATUS_OK; - if (explicit_opt != NULL && !schannel_required) { + if (schannel_explicitly_set && !schannel_required) { dbg_lvl = MIN(dbg_lvl, CVE_2020_1472_warn_level); } else if (!schannel_required) { dbg_lvl = MIN(dbg_lvl, DBGLVL_INFO); @@ -1131,7 +1133,7 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p, log_escape(frame, creds->computer_name), nt_errstr(status))); - if (explicit_opt != NULL && !schannel_required) { + if (schannel_explicitly_set && !schannel_required) { DEBUG(CVE_2020_1472_warn_level, ( "CVE-2020-1472(ZeroLogon): " "Option 'server require schannel:%s = no' not needed for '%s'!\n", @@ -1146,7 +1148,7 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p, if (schannel_required) { status = NT_STATUS_ACCESS_DENIED; - if (explicit_opt != NULL) { + if (schannel_explicitly_set) { dbg_lvl = MIN(dbg_lvl, DBGLVL_NOTICE); } else { dbg_lvl = MIN(dbg_lvl, CVE_2020_1472_error_level); @@ -1160,7 +1162,7 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p, log_escape(frame, creds->account_name), log_escape(frame, creds->computer_name), nt_errstr(status))); - if (explicit_opt != NULL) { + if (schannel_explicitly_set) { D_NOTICE("CVE-2020-1472(ZeroLogon): Option " "'server require schannel:%s = yes' " "rejects access for client.\n", @@ -1188,7 +1190,7 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p, status = NT_STATUS_OK; - if (explicit_opt != NULL) { + if (schannel_explicitly_set) { dbg_lvl = MIN(dbg_lvl, DBGLVL_INFO); } else { dbg_lvl = MIN(dbg_lvl, CVE_2020_1472_error_level); @@ -1203,7 +1205,7 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p, log_escape(frame, creds->computer_name), nt_errstr(status))); - if (explicit_opt != NULL) { + if (schannel_explicitly_set) { D_INFO("CVE-2020-1472(ZeroLogon): Option " "'server require schannel:%s = no' " "still needed for '%s'!\n", -- 2.39.0