1 --- squid-2.5.STABLE5/helpers/ntlm_auth/SMB/libntlmssp.c.orig 2001-11-30 10:50:28.000000000 +0100
2 +++ squid-2.5.STABLE5/helpers/ntlm_auth/SMB/libntlmssp.c 2004-06-10 18:51:30.985180312 +0200
4 #define min(A,B) (A<B?A:B)
7 -static char credentials[1024]; /* we can afford to waste */
8 +#define MAX_USERNAME_LEN 255
9 +#define MAX_DOMAIN_LEN 255
10 +#define MAX_PASSWD_LEN 31
11 +static char credentials[MAX_USERNAME_LEN+MAX_DOMAIN_LEN+2]; /* we can afford to waste */
14 /* Fetches the user's credentials from the challenge.
16 ntlm_check_auth(ntlm_authenticate * auth, int auth_length)
19 - char pass[25] /*, encrypted_pass[40] */;
20 + char pass[MAX_PASSWD_LEN+1];
21 char *domain = credentials;
25 ntlm_errno = NTLM_LOGON_ERROR;
28 + if (tmp.l > MAX_DOMAIN_LEN) {
29 + debug("Domain string exceeds %d bytes, rejecting\n", MAX_DOMAIN_LEN);
30 + ntlm_errno = NTLM_LOGON_ERROR;
33 memcpy(domain, tmp.str, tmp.l);
34 - user = domain + tmp.l;
35 + user = domain + tmp.l + 1;
38 /* debug("fetching user name\n"); */
40 ntlm_errno = NTLM_LOGON_ERROR;
43 + if (tmp.l > MAX_USERNAME_LEN) {
44 + debug("Username string exceeds %d bytes, rejecting\n", MAX_USERNAME_LEN);
45 + ntlm_errno = NTLM_LOGON_ERROR;
48 memcpy(user, tmp.str, tmp.l);
49 *(user + tmp.l) = '\0';
52 - /* Authenticating against the NT response doesn't seem to work... */
53 + /* Authenticating against the NT response doesn't seem to work... */
54 tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse);
55 if (tmp.str == NULL || tmp.l == 0) {
56 fprintf(stderr, "No auth at all. Returning no-auth\n");
57 ntlm_errno = NTLM_LOGON_ERROR;
61 + if (tmp.l > MAX_PASSWD_LEN) {
62 + debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN);
63 + ntlm_errno = NTLM_LOGON_ERROR;
67 memcpy(pass, tmp.str, tmp.l);
69 + pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0';
72 debug ("Empty LM pass detection: user: '%s', ours:'%s', his: '%s'"
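Review bot: After `user = domain + tmp.l + 1;` nothing visible on this page writes the terminator at `domain[tmp.l]`, and `credentials` is static, so that byte can carry over from an earlier request and run the domain string into the user name. The statement that follows the assignment is not shown here; if it still stores a NUL through `user` and advances it, the user name starts at `tmp.l + 2` and, with both fields at their 255-byte maximum, `*(user + tmp.l) = '\0'` lands one byte past the `MAX_USERNAME_LEN+MAX_DOMAIN_LEN+2` buffer. I would make the layout explicit with `domain[tmp.l] = '\0';` directly after the domain `memcpy` and no further increment of `user`. The `/* we can afford to waste */` comment on `credentials` is also stale now that the buffer is sized exactly; something like `/* "domain\0user\0", no slack */` would describe it. The body of ntlm_check_auth starts and ends outside the lines shown.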