projects / packages / squid.git / blame
| Commit | Line | Data |
|---|---|---|
| 96d7bfb0 PS |
1 | --- squid-2.5.STABLE5/helpers/ntlm_auth/SMB/libntlmssp.c.orig 2001-11-30 10:50:28.000000000 +0100 |
| 2 | +++ squid-2.5.STABLE5/helpers/ntlm_auth/SMB/libntlmssp.c 2004-06-10 18:51:30.985180312 +0200 | |
| 3 | @@ -161,7 +161,10 @@ | |
| 4 | #define min(A,B) (A<B?A:B) | |
| 5 | ||
| 6 | int ntlm_errno; | |
| 7 | -static char credentials[1024]; /* we can afford to waste */ | |
| 8 | +#define MAX_USERNAME_LEN 255 | |
| 9 | +#define MAX_DOMAIN_LEN 255 | |
| 10 | +#define MAX_PASSWD_LEN 31 | |
| 11 | +static char credentials[MAX_USERNAME_LEN+MAX_DOMAIN_LEN+2]; /* we can afford to waste */ | |
| 12 | ||
| 13 | ||
| 14 | /* Fetches the user's credentials from the challenge. | |
| 15 | @@ -197,7 +200,7 @@ | |
| 16 | ntlm_check_auth(ntlm_authenticate * auth, int auth_length) | |
| 17 | { | |
| 18 | int rv; | |
| 19 | - char pass[25] /*, encrypted_pass[40] */; | |
| 20 | + char pass[MAX_PASSWD_LEN+1]; | |
| 21 | char *domain = credentials; | |
| 22 | char *user; | |
| 23 | lstring tmp; | |
| 24 | @@ -215,8 +218,13 @@ | |
| 25 | ntlm_errno = NTLM_LOGON_ERROR; | |
| 26 | return NULL; | |
| 27 | } | |
| 28 | + if (tmp.l > MAX_DOMAIN_LEN) { | |
| 29 | + debug("Domain string exceeds %d bytes, rejecting\n", MAX_DOMAIN_LEN); | |
| 30 | + ntlm_errno = NTLM_LOGON_ERROR; | |
| 31 | + return NULL; | |
| 32 | + } | |
| 33 | memcpy(domain, tmp.str, tmp.l); | |
| 34 | - user = domain + tmp.l; | |
| 35 | + user = domain + tmp.l + 1; | |
| 36 | *user++ = '\0'; | |
| 37 | ||
| 38 | /* debug("fetching user name\n"); */ | |
| 39 | @@ -226,20 +234,30 @@ | |
| 40 | ntlm_errno = NTLM_LOGON_ERROR; | |
| 41 | return NULL; | |
| 42 | } | |
| 43 | + if (tmp.l > MAX_USERNAME_LEN) { | |
| 44 | + debug("Username string exceeds %d bytes, rejecting\n", MAX_USERNAME_LEN); | |
| 45 | + ntlm_errno = NTLM_LOGON_ERROR; | |
| 46 | + return NULL; | |
| 47 | + } | |
| 48 | memcpy(user, tmp.str, tmp.l); | |
| 49 | *(user + tmp.l) = '\0'; | |
| 50 | ||
| 51 | ||
| 52 | - /* Authenticating against the NT response doesn't seem to work... */ | |
| 53 | + /* Authenticating against the NT response doesn't seem to work... */ | |
| 54 | tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse); | |
| 55 | if (tmp.str == NULL || tmp.l == 0) { | |
| 56 | fprintf(stderr, "No auth at all. Returning no-auth\n"); | |
| 57 | ntlm_errno = NTLM_LOGON_ERROR; | |
| 58 | return NULL; | |
| 59 | } | |
| 60 | - | |
| 61 | + if (tmp.l > MAX_PASSWD_LEN) { | |
| 62 | + debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN); | |
| 63 | + ntlm_errno = NTLM_LOGON_ERROR; | |
| 64 | + return NULL; | |
| 65 | + } | |
| 66 | + | |
| 67 | memcpy(pass, tmp.str, tmp.l); | |
| 68 | - pass[25] = '\0'; | |
| 69 | + pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0'; | |
| 70 | ||
| 71 | #if 1 | |
| 72 | debug ("Empty LM pass detection: user: '%s', ours:'%s', his: '%s'" |