From 9683f890944ffb114f5f8214f694e0b339cf5a5a Mon Sep 17 00:00:00 2001 From: Alberto Gonzalez Iniesta Date: Thu, 22 Jun 2017 13:16:46 +0200 Subject: New upstream version 2.4.3 --- src/openvpn/ntlm.c | 45 +++++++++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 18 deletions(-) (limited to 'src/openvpn/ntlm.c') diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index e78af9e..0b1163e 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c @@ -15,10 +15,9 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifdef HAVE_CONFIG_H @@ -86,13 +85,13 @@ static void gen_hmac_md5(const char *data, int data_len, const char *key, int key_len,char *result) { const md_kt_t *md5_kt = md_kt_get("MD5"); - hmac_ctx_t hmac_ctx; - CLEAR(hmac_ctx); + hmac_ctx_t *hmac_ctx = hmac_ctx_new(); - hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt); - hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len); - hmac_ctx_final(&hmac_ctx, (unsigned char *)result); - hmac_ctx_cleanup(&hmac_ctx); + hmac_ctx_init(hmac_ctx, key, key_len, md5_kt); + hmac_ctx_update(hmac_ctx, (const unsigned char *)data, data_len); + hmac_ctx_final(hmac_ctx, (unsigned char *)result); + hmac_ctx_cleanup(hmac_ctx); + hmac_ctx_free(hmac_ctx); } static void @@ -124,19 +123,22 @@ gen_nonce(unsigned char *nonce) /* Generates 8 random bytes to be used as client nonce */ int i; - for (i = 0; i<8; i++) { + for (i = 0; i<8; i++) + { nonce[i] = (unsigned char)get_random(); } } -unsigned char * +void my_strupr(unsigned char *str) { /* converts string to uppercase in place */ - unsigned char *tmp = str; - do *str = toupper(*str); while (*(++str)); - return tmp; + while (*str) + { + *str = toupper(*str); + str++; + } } static int @@ -193,7 +195,7 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, struct gc_are */ char pwbuf[sizeof(p->up.password) * 2]; /* for unicode password */ - char buf2[128]; /* decoded reply from proxy */ + unsigned char buf2[128]; /* decoded reply from proxy */ unsigned char phase3[464]; char md4_hash[MD4_DIGEST_LENGTH+5]; @@ -299,7 +301,13 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, struct gc_are tib_len = 96; } { - char *tib_ptr = buf2 + buf2[0x2c]; /* Get Target Information block pointer */ + char *tib_ptr; + int tib_pos = buf2[0x2c]; + if (tib_pos + tib_len > sizeof(buf2)) + { + return NULL; + } + tib_ptr = buf2 + tib_pos; /* Get Target Information block pointer */ memcpy(&ntlmv2_blob[0x1c], tib_ptr, tib_len); /* Copy Target Information block into the blob */ } } @@ -373,6 +381,7 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, struct gc_are #else /* if NTLM */ static void -dummy(void) { +dummy(void) +{ } #endif /* if NTLM */ -- cgit v1.2.3