X-Git-Url: http://sjero.net/git/?a=blobdiff_plain;f=src%2Fhttp-ntlm.c;h=054c8a95939a18b3fced17d09d87cd279de28a20;hb=53d0aff795316dc1a4b785632f0d4d93c861e9cb;hp=5e45c0dba0ce0d2ebb61aa4bc57ee94f98f38072;hpb=5d4ff69084c1e4d8fc002bcae499e653a8fa7a8f;p=wget diff --git a/src/http-ntlm.c b/src/http-ntlm.c index 5e45c0db..054c8a95 100644 --- a/src/http-ntlm.c +++ b/src/http-ntlm.c @@ -1,12 +1,12 @@ /* NTLM code. - Copyright (C) 2005 Free Software Foundation, Inc. + Copyright (C) 2005, 2006, 2007 Free Software Foundation, Inc. Contributed by Daniel Stenberg. This file is part of GNU Wget. GNU Wget is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or +the Free Software Foundation; either version 3 of the License, or (at your option) any later version. GNU Wget is distributed in the hope that it will be useful, @@ -15,8 +15,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License -along with Wget; if not, write to the Free Software Foundation, Inc., -51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +along with Wget. If not, see . In addition, as a special exception, the Free Software Foundation gives permission to link the code of its release of Wget with the @@ -146,7 +145,7 @@ ntlm_input (struct ntlmdata *ntlm, const char *header) size = base64_decode (header, buffer); if (size < 0) - return false; /* malformed base64 from server */ + return false; /* malformed base64 from server */ ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */ @@ -159,10 +158,10 @@ ntlm_input (struct ntlmdata *ntlm, const char *header) else { if (ntlm->state >= NTLMSTATE_TYPE1) - { - DEBUGP (("Unexpected empty NTLM message.\n")); - return false; /* this is an error */ - } + { + DEBUGP (("Unexpected empty NTLM message.\n")); + return false; /* this is an error */ + } DEBUGP (("Empty NTLM message, starting transaction.\n")); ntlm->state = NTLMSTATE_TYPE1; /* we should sent away a type-1 */ @@ -177,7 +176,7 @@ ntlm_input (struct ntlmdata *ntlm, const char *header) */ static void setup_des_key(unsigned char *key_56, - DES_key_schedule DESKEYARG(ks)) + DES_key_schedule DESKEYARG(ks)) { DES_cblock key; @@ -222,8 +221,8 @@ calc_resp(unsigned char *keys, unsigned char *plaintext, unsigned char *results) */ static void mkhash(const char *password, - unsigned char *nonce, /* 8 bytes */ - unsigned char *lmresp /* must fit 0x18 bytes */ + unsigned char *nonce, /* 8 bytes */ + unsigned char *lmresp /* must fit 0x18 bytes */ #ifdef USE_NTRESPONSES , unsigned char *ntresp /* must fit 0x18 bytes */ #endif @@ -299,7 +298,7 @@ mkhash(const char *password, /* this is for creating ntlm header output */ char * ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd, - bool *ready) + bool *ready) { const char *domain=""; /* empty */ const char *host=""; /* empty */ @@ -346,35 +345,35 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd, */ snprintf (ntlmbuf, sizeof(ntlmbuf), "NTLMSSP%c" - "\x01%c%c%c" /* 32-bit type = 1 */ - "%c%c%c%c" /* 32-bit NTLM flag field */ - "%c%c" /* domain length */ - "%c%c" /* domain allocated space */ - "%c%c" /* domain name offset */ - "%c%c" /* 2 zeroes */ - "%c%c" /* host length */ - "%c%c" /* host allocated space */ - "%c%c" /* host name offset */ - "%c%c" /* 2 zeroes */ - "%s" /* host name */ - "%s", /* domain string */ - 0, /* trailing zero */ - 0,0,0, /* part of type-1 long */ - - LONGQUARTET( - NTLMFLAG_NEGOTIATE_OEM| /* 2 */ - NTLMFLAG_NEGOTIATE_NTLM_KEY /* 200 */ - /* equals 0x0202 */ - ), - SHORTPAIR(domlen), - SHORTPAIR(domlen), - SHORTPAIR(domoff), - 0,0, - SHORTPAIR(hostlen), - SHORTPAIR(hostlen), - SHORTPAIR(hostoff), - 0,0, - host, domain); + "\x01%c%c%c" /* 32-bit type = 1 */ + "%c%c%c%c" /* 32-bit NTLM flag field */ + "%c%c" /* domain length */ + "%c%c" /* domain allocated space */ + "%c%c" /* domain name offset */ + "%c%c" /* 2 zeroes */ + "%c%c" /* host length */ + "%c%c" /* host allocated space */ + "%c%c" /* host name offset */ + "%c%c" /* 2 zeroes */ + "%s" /* host name */ + "%s", /* domain string */ + 0, /* trailing zero */ + 0,0,0, /* part of type-1 long */ + + LONGQUARTET( + NTLMFLAG_NEGOTIATE_OEM| /* 2 */ + NTLMFLAG_NEGOTIATE_NTLM_KEY /* 200 */ + /* equals 0x0202 */ + ), + SHORTPAIR(domlen), + SHORTPAIR(domlen), + SHORTPAIR(domoff), + 0,0, + SHORTPAIR(hostlen), + SHORTPAIR(hostlen), + SHORTPAIR(hostoff), + 0,0, + host, domain); /* initial packet length */ size = 32 + hostlen + domlen; @@ -444,86 +443,91 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd, /* Create the big type-3 message binary blob */ size = snprintf (ntlmbuf, sizeof(ntlmbuf), - "NTLMSSP%c" - "\x03%c%c%c" /* type-3, 32 bits */ - - "%c%c%c%c" /* LanManager length + allocated space */ - "%c%c" /* LanManager offset */ - "%c%c" /* 2 zeroes */ - - "%c%c" /* NT-response length */ - "%c%c" /* NT-response allocated space */ - "%c%c" /* NT-response offset */ - "%c%c" /* 2 zeroes */ - - "%c%c" /* domain length */ - "%c%c" /* domain allocated space */ - "%c%c" /* domain name offset */ - "%c%c" /* 2 zeroes */ + "NTLMSSP%c" + "\x03%c%c%c" /* type-3, 32 bits */ + + "%c%c%c%c" /* LanManager length + allocated space */ + "%c%c" /* LanManager offset */ + "%c%c" /* 2 zeroes */ + + "%c%c" /* NT-response length */ + "%c%c" /* NT-response allocated space */ + "%c%c" /* NT-response offset */ + "%c%c" /* 2 zeroes */ + + "%c%c" /* domain length */ + "%c%c" /* domain allocated space */ + "%c%c" /* domain name offset */ + "%c%c" /* 2 zeroes */ - "%c%c" /* user length */ - "%c%c" /* user allocated space */ - "%c%c" /* user offset */ - "%c%c" /* 2 zeroes */ + "%c%c" /* user length */ + "%c%c" /* user allocated space */ + "%c%c" /* user offset */ + "%c%c" /* 2 zeroes */ - "%c%c" /* host length */ - "%c%c" /* host allocated space */ - "%c%c" /* host offset */ - "%c%c%c%c%c%c" /* 6 zeroes */ + "%c%c" /* host length */ + "%c%c" /* host allocated space */ + "%c%c" /* host offset */ + "%c%c%c%c%c%c" /* 6 zeroes */ - "\xff\xff" /* message length */ - "%c%c" /* 2 zeroes */ + "\xff\xff" /* message length */ + "%c%c" /* 2 zeroes */ - "\x01\x82" /* flags */ - "%c%c" /* 2 zeroes */ - - /* domain string */ - /* user string */ - /* host string */ - /* LanManager response */ - /* NT response */ - , - 0, /* zero termination */ - 0,0,0, /* type-3 long, the 24 upper bits */ - - SHORTPAIR(0x18), /* LanManager response length, twice */ - SHORTPAIR(0x18), - SHORTPAIR(lmrespoff), - 0x0, 0x0, + "\x01\x82" /* flags */ + "%c%c" /* 2 zeroes */ + + /* domain string */ + /* user string */ + /* host string */ + /* LanManager response */ + /* NT response */ + , + 0, /* zero termination */ + 0,0,0, /* type-3 long, the 24 upper bits */ + + SHORTPAIR(0x18), /* LanManager response length, twice */ + SHORTPAIR(0x18), + SHORTPAIR(lmrespoff), + 0x0, 0x0, #ifdef USE_NTRESPONSES - SHORTPAIR(0x18), /* NT-response length, twice */ - SHORTPAIR(0x18), + SHORTPAIR(0x18), /* NT-response length, twice */ + SHORTPAIR(0x18), #else - 0x0, 0x0, - 0x0, 0x0, + 0x0, 0x0, + 0x0, 0x0, #endif - SHORTPAIR(ntrespoff), - 0x0, 0x0, + SHORTPAIR(ntrespoff), + 0x0, 0x0, - SHORTPAIR(domlen), - SHORTPAIR(domlen), - SHORTPAIR(domoff), - 0x0, 0x0, + SHORTPAIR(domlen), + SHORTPAIR(domlen), + SHORTPAIR(domoff), + 0x0, 0x0, - SHORTPAIR(userlen), - SHORTPAIR(userlen), - SHORTPAIR(useroff), - 0x0, 0x0, + SHORTPAIR(userlen), + SHORTPAIR(userlen), + SHORTPAIR(useroff), + 0x0, 0x0, - SHORTPAIR(hostlen), - SHORTPAIR(hostlen), - SHORTPAIR(hostoff), - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + SHORTPAIR(hostlen), + SHORTPAIR(hostlen), + SHORTPAIR(hostoff), + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, + 0x0, 0x0, - 0x0, 0x0); + 0x0, 0x0); /* size is now 64 */ size=64; ntlmbuf[62]=ntlmbuf[63]=0; + /* Make sure that the user and domain strings fit in the target buffer + before we copy them there. */ + if(size + userlen + domlen >= sizeof(ntlmbuf)) + return NULL; + memcpy(&ntlmbuf[size], domain, domlen); size += domlen;