Mercurial > dovecot > core-2.2

changeset 2876:78dc2381f3af HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
allow LM authentication for older (Win9x) clients which do not pass NTLM response in type 3 message. fixes crash in dovecot-auth (empty credentials could be passed to hex_to_binary function if NTLM2 was negotiated). Patch by Andrey Panin
author Timo Sirainen <tss@iki.fi>
date Thu, 11 Nov 2004 19:45:03 +0200
parents 90f2ac2d16df
children 3cb483d565a6
files src/auth/mech-ntlm.c src/lib-ntlm/ntlm-message.c
diffstat 2 files changed, 25 insertions(+), 11 deletions(-) [+]
line wrap: on
line diff
--- a/src/auth/mech-ntlm.c	Thu Nov 11 19:36:51 2004 +0200
+++ b/src/auth/mech-ntlm.c	Thu Nov 11 19:45:03 2004 +0200
@@ -42,10 +42,15 @@
 	const unsigned char *client_response;
 	unsigned char lm_response[LM_RESPONSE_SIZE];
 	unsigned char hash[LM_HASH_SIZE];
+	unsigned int response_length;
 	buffer_t *hash_buffer;
 	int ret;
 
-	if (credentials == NULL) {
+	response_length =
+		ntlmssp_buffer_length(request->response, lm_response);
+	client_response = ntlmssp_buffer_data(request->response, lm_response);
+
+	if (credentials == NULL || response_length < LM_RESPONSE_SIZE) {
 		mech_auth_finish(auth_request, NULL, 0, FALSE);
 		return;
 	}
@@ -54,8 +59,6 @@
 					 hash, sizeof(hash));
 	hex_to_binary(credentials, hash_buffer);
 
-	client_response = ntlmssp_buffer_data(request->response, lm_response);
-
 	ntlmssp_v1_response(hash, request->challenge, lm_response);
 
 	ret = memcmp(lm_response, client_response, LM_RESPONSE_SIZE) == 0;
@@ -75,10 +78,18 @@
 	buffer_t *hash_buffer;
 	int ret;
 
-	if (credentials == NULL && !request->ntlm2_negotiated) {
-		passdb->lookup_credentials(auth_request,
-					   PASSDB_CREDENTIALS_LANMAN,
-					   lm_credentials_callback);
+	response_length =
+		ntlmssp_buffer_length(request->response, ntlm_response);
+	client_response = ntlmssp_buffer_data(request->response, ntlm_response);
+
+	if (credentials == NULL || response_length == 0) {
+		/* We can't use LM authentication if NTLM2 was negotiated */
+		if (request->ntlm2_negotiated)
+			mech_auth_finish(auth_request, NULL, 0, FALSE);
+		else
+			passdb->lookup_credentials(auth_request,
+						   PASSDB_CREDENTIALS_LANMAN,
+						   lm_credentials_callback);
 		return;
 	}
 
@@ -86,9 +97,6 @@
 					 hash, sizeof(hash));
 	hex_to_binary(credentials, hash_buffer);
 
-	response_length =
-		ntlmssp_buffer_length(request->response, ntlm_response);
-	client_response = ntlmssp_buffer_data(request->response, ntlm_response);
 
 	if (response_length > NTLMSSP_RESPONSE_SIZE) {
 		unsigned char ntlm_v2_response[NTLMSSP_V2_RESPONSE_SIZE];
--- a/src/lib-ntlm/ntlm-message.c	Thu Nov 11 19:36:51 2004 +0200
+++ b/src/lib-ntlm/ntlm-message.c	Thu Nov 11 19:45:03 2004 +0200
@@ -180,13 +180,19 @@
 				size_t data_size, const char **error)
 {
 	uint32_t offset = read_le32(&buffer->offset);
+	uint16_t length = read_le16(&buffer->length);
+	uint16_t space = read_le16(&buffer->space);
+
+	/* Empty buffer is ok */
+	if (length == 0 && space == 0)
+		return 1;
 
 	if (offset >= data_size) {
 		*error = "buffer offset out of bounds";
 		return 0;
 	}
 
-	if (offset + read_le16(&buffer->space) > data_size) {
+	if (offset + space > data_size) {
 		*error = "buffer end out of bounds";
 		return 0;
 	}