X-Git-Url: http://sjero.net/git/?a=blobdiff_plain;f=src%2Fhttp-ntlm.c;h=32bb3c59355b2180b13144e7ecb4b652926b650d;hb=afe38bb249740950224f6ec50ba3d2c5831387cf;hp=a58d2581c11724d0ea62f910bc8e96ef73419f54;hpb=db9de5b07563e2f5d1e14a92f2cda4137cc2fb8a;p=wget
diff --git a/src/http-ntlm.c b/src/http-ntlm.c
index a58d2581..32bb3c59 100644
--- a/src/http-ntlm.c
+++ b/src/http-ntlm.c
@@ -1,12 +1,12 @@
/* NTLM code.
- Copyright (C) 2005 Free Software Foundation, Inc.
+ Copyright (C) 2005, 2006, 2007 Free Software Foundation, Inc.
Contributed by Daniel Stenberg.
This file is part of GNU Wget.
GNU Wget is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
+the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
GNU Wget is distributed in the hope that it will be useful,
@@ -15,8 +15,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
-along with Wget; if not, write to the Free Software Foundation, Inc.,
-51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+along with Wget. If not, see .
In addition, as a special exception, the Free Software Foundation
gives permission to link the code of its release of Wget with the
@@ -37,13 +36,13 @@ so, delete this exception statement from your version. */
*/
-/* -- WIN32 approved -- */
#include
#include
#include
#include
#include
+#include
#include "wget.h"
#include "utils.h"
@@ -147,7 +146,7 @@ ntlm_input (struct ntlmdata *ntlm, const char *header)
size = base64_decode (header, buffer);
if (size < 0)
- return false; /* malformed base64 from server */
+ return false; /* malformed base64 from server */
ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */
@@ -160,10 +159,10 @@ ntlm_input (struct ntlmdata *ntlm, const char *header)
else
{
if (ntlm->state >= NTLMSTATE_TYPE1)
- {
- DEBUGP (("Unexpected empty NTLM message.\n"));
- return false; /* this is an error */
- }
+ {
+ DEBUGP (("Unexpected empty NTLM message.\n"));
+ return false; /* this is an error */
+ }
DEBUGP (("Empty NTLM message, starting transaction.\n"));
ntlm->state = NTLMSTATE_TYPE1; /* we should sent away a type-1 */
@@ -178,7 +177,7 @@ ntlm_input (struct ntlmdata *ntlm, const char *header)
*/
static void
setup_des_key(unsigned char *key_56,
- DES_key_schedule DESKEYARG(ks))
+ DES_key_schedule DESKEYARG(ks))
{
DES_cblock key;
@@ -223,8 +222,8 @@ calc_resp(unsigned char *keys, unsigned char *plaintext, unsigned char *results)
*/
static void
mkhash(const char *password,
- unsigned char *nonce, /* 8 bytes */
- unsigned char *lmresp /* must fit 0x18 bytes */
+ unsigned char *nonce, /* 8 bytes */
+ unsigned char *lmresp /* must fit 0x18 bytes */
#ifdef USE_NTRESPONSES
, unsigned char *ntresp /* must fit 0x18 bytes */
#endif
@@ -300,7 +299,7 @@ mkhash(const char *password,
/* this is for creating ntlm header output */
char *
ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
- bool *ready)
+ bool *ready)
{
const char *domain=""; /* empty */
const char *host=""; /* empty */
@@ -347,35 +346,35 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
*/
snprintf (ntlmbuf, sizeof(ntlmbuf), "NTLMSSP%c"
- "\x01%c%c%c" /* 32-bit type = 1 */
- "%c%c%c%c" /* 32-bit NTLM flag field */
- "%c%c" /* domain length */
- "%c%c" /* domain allocated space */
- "%c%c" /* domain name offset */
- "%c%c" /* 2 zeroes */
- "%c%c" /* host length */
- "%c%c" /* host allocated space */
- "%c%c" /* host name offset */
- "%c%c" /* 2 zeroes */
- "%s" /* host name */
- "%s", /* domain string */
- 0, /* trailing zero */
- 0,0,0, /* part of type-1 long */
-
- LONGQUARTET(
- NTLMFLAG_NEGOTIATE_OEM| /* 2 */
- NTLMFLAG_NEGOTIATE_NTLM_KEY /* 200 */
- /* equals 0x0202 */
- ),
- SHORTPAIR(domlen),
- SHORTPAIR(domlen),
- SHORTPAIR(domoff),
- 0,0,
- SHORTPAIR(hostlen),
- SHORTPAIR(hostlen),
- SHORTPAIR(hostoff),
- 0,0,
- host, domain);
+ "\x01%c%c%c" /* 32-bit type = 1 */
+ "%c%c%c%c" /* 32-bit NTLM flag field */
+ "%c%c" /* domain length */
+ "%c%c" /* domain allocated space */
+ "%c%c" /* domain name offset */
+ "%c%c" /* 2 zeroes */
+ "%c%c" /* host length */
+ "%c%c" /* host allocated space */
+ "%c%c" /* host name offset */
+ "%c%c" /* 2 zeroes */
+ "%s" /* host name */
+ "%s", /* domain string */
+ 0, /* trailing zero */
+ 0,0,0, /* part of type-1 long */
+
+ LONGQUARTET(
+ NTLMFLAG_NEGOTIATE_OEM| /* 2 */
+ NTLMFLAG_NEGOTIATE_NTLM_KEY /* 200 */
+ /* equals 0x0202 */
+ ),
+ SHORTPAIR(domlen),
+ SHORTPAIR(domlen),
+ SHORTPAIR(domoff),
+ 0,0,
+ SHORTPAIR(hostlen),
+ SHORTPAIR(hostlen),
+ SHORTPAIR(hostoff),
+ 0,0,
+ host, domain);
/* initial packet length */
size = 32 + hostlen + domlen;
@@ -445,86 +444,91 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
/* Create the big type-3 message binary blob */
size = snprintf (ntlmbuf, sizeof(ntlmbuf),
- "NTLMSSP%c"
- "\x03%c%c%c" /* type-3, 32 bits */
-
- "%c%c%c%c" /* LanManager length + allocated space */
- "%c%c" /* LanManager offset */
- "%c%c" /* 2 zeroes */
-
- "%c%c" /* NT-response length */
- "%c%c" /* NT-response allocated space */
- "%c%c" /* NT-response offset */
- "%c%c" /* 2 zeroes */
-
- "%c%c" /* domain length */
- "%c%c" /* domain allocated space */
- "%c%c" /* domain name offset */
- "%c%c" /* 2 zeroes */
+ "NTLMSSP%c"
+ "\x03%c%c%c" /* type-3, 32 bits */
+
+ "%c%c%c%c" /* LanManager length + allocated space */
+ "%c%c" /* LanManager offset */
+ "%c%c" /* 2 zeroes */
+
+ "%c%c" /* NT-response length */
+ "%c%c" /* NT-response allocated space */
+ "%c%c" /* NT-response offset */
+ "%c%c" /* 2 zeroes */
+
+ "%c%c" /* domain length */
+ "%c%c" /* domain allocated space */
+ "%c%c" /* domain name offset */
+ "%c%c" /* 2 zeroes */
- "%c%c" /* user length */
- "%c%c" /* user allocated space */
- "%c%c" /* user offset */
- "%c%c" /* 2 zeroes */
+ "%c%c" /* user length */
+ "%c%c" /* user allocated space */
+ "%c%c" /* user offset */
+ "%c%c" /* 2 zeroes */
- "%c%c" /* host length */
- "%c%c" /* host allocated space */
- "%c%c" /* host offset */
- "%c%c%c%c%c%c" /* 6 zeroes */
+ "%c%c" /* host length */
+ "%c%c" /* host allocated space */
+ "%c%c" /* host offset */
+ "%c%c%c%c%c%c" /* 6 zeroes */
- "\xff\xff" /* message length */
- "%c%c" /* 2 zeroes */
+ "\xff\xff" /* message length */
+ "%c%c" /* 2 zeroes */
- "\x01\x82" /* flags */
- "%c%c" /* 2 zeroes */
-
- /* domain string */
- /* user string */
- /* host string */
- /* LanManager response */
- /* NT response */
- ,
- 0, /* zero termination */
- 0,0,0, /* type-3 long, the 24 upper bits */
-
- SHORTPAIR(0x18), /* LanManager response length, twice */
- SHORTPAIR(0x18),
- SHORTPAIR(lmrespoff),
- 0x0, 0x0,
+ "\x01\x82" /* flags */
+ "%c%c" /* 2 zeroes */
+
+ /* domain string */
+ /* user string */
+ /* host string */
+ /* LanManager response */
+ /* NT response */
+ ,
+ 0, /* zero termination */
+ 0,0,0, /* type-3 long, the 24 upper bits */
+
+ SHORTPAIR(0x18), /* LanManager response length, twice */
+ SHORTPAIR(0x18),
+ SHORTPAIR(lmrespoff),
+ 0x0, 0x0,
#ifdef USE_NTRESPONSES
- SHORTPAIR(0x18), /* NT-response length, twice */
- SHORTPAIR(0x18),
+ SHORTPAIR(0x18), /* NT-response length, twice */
+ SHORTPAIR(0x18),
#else
- 0x0, 0x0,
- 0x0, 0x0,
+ 0x0, 0x0,
+ 0x0, 0x0,
#endif
- SHORTPAIR(ntrespoff),
- 0x0, 0x0,
+ SHORTPAIR(ntrespoff),
+ 0x0, 0x0,
- SHORTPAIR(domlen),
- SHORTPAIR(domlen),
- SHORTPAIR(domoff),
- 0x0, 0x0,
+ SHORTPAIR(domlen),
+ SHORTPAIR(domlen),
+ SHORTPAIR(domoff),
+ 0x0, 0x0,
- SHORTPAIR(userlen),
- SHORTPAIR(userlen),
- SHORTPAIR(useroff),
- 0x0, 0x0,
+ SHORTPAIR(userlen),
+ SHORTPAIR(userlen),
+ SHORTPAIR(useroff),
+ 0x0, 0x0,
- SHORTPAIR(hostlen),
- SHORTPAIR(hostlen),
- SHORTPAIR(hostoff),
- 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
+ SHORTPAIR(hostlen),
+ SHORTPAIR(hostlen),
+ SHORTPAIR(hostoff),
+ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
- 0x0, 0x0,
+ 0x0, 0x0,
- 0x0, 0x0);
+ 0x0, 0x0);
/* size is now 64 */
size=64;
ntlmbuf[62]=ntlmbuf[63]=0;
+ /* Make sure that the user and domain strings fit in the target buffer
+ before we copy them there. */
+ if(size + userlen + domlen >= sizeof(ntlmbuf))
+ return NULL;
+
memcpy(&ntlmbuf[size], domain, domlen);
size += domlen;