Message ID | 20230802113149.36497-1-dazo+openvpn@eurephia.org |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel] ntlm: Clarify details on NTLM phase 3 decoding | expand |
On 02/08/2023 13:31, David Sommerseth wrote: > From: David Sommerseth <davids@openvpn.net> > > The code was very clear if we accept that the base64 decode of the There is a "not" missing in the line above: "The code was not very clear ..." I'm fine with fixing this at commit time.
Acked-by: Gert Doering <gert@greenie.muc.de> No functional change, just clarifying "yes we know that this could happen, but if it does, this is still well-defined". Test compiled on Linux, just in case I overlooked something. Your patch has been applied to the master and release/2.6 branch. commit f19391139836aa07312cf5b3ebbd00941d22ddc7 (master) commit 781fa8f200d0e3428a7e4da693707529eeaa66cc (release/2.6) Author: David Sommerseth Date: Wed Aug 2 13:31:49 2023 +0200 ntlm: Clarify details on NTLM phase 3 decoding Signed-off-by: David Sommerseth <davids@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20230802113149.36497-1-dazo+openvpn@eurephia.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26919.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index 0cb0a32f..2e772141 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c @@ -207,7 +207,6 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, */ char pwbuf[sizeof(p->up.password) * 2]; /* for unicode password */ - uint8_t buf2[128]; /* decoded reply from proxy */ uint8_t phase3[464]; uint8_t md4_hash[MD4_DIGEST_LENGTH + 5]; @@ -230,8 +229,6 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, bool ntlmv2_enabled = (p->auth_method == HTTP_AUTH_NTLM2); - CLEAR(buf2); - ASSERT(strlen(p->up.username) > 0); ASSERT(strlen(p->up.password) > 0); @@ -264,6 +261,12 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, /* pad to 21 bytes */ memset(md4_hash + MD4_DIGEST_LENGTH, 0, 5); + /* If the decoded challenge is shorter than required by the protocol, + * the missing bytes will be NULL, as buf2 is known to be zeroed + * when this decode happens. + */ + uint8_t buf2[128]; /* decoded reply from proxy */ + CLEAR(buf2); ret_val = openvpn_base64_decode(phase_2, buf2, -1); if (ret_val < 0) {