From f8ac53b98ed2513f1d80363b6fd2351f1b4ae511 Mon Sep 17 00:00:00 2001 From: Christian Niessner Date: Thu, 7 Mar 2013 19:37:58 +0100 Subject: Fix corner case in NTLM authentication (trac #172) The problem is located in the file proxy.c within "establish_http_proxy_passthru": To keep buffers small long base64-encoded NTLM-Strings are truncated. But the truncating is done on a wrong place: base 64 strings can be cut every 4 chars. the buffer is 128 bytes - including the terminating \0, so the usable data is only 127 bytes. And decoding a 127 char base64 string fails... this is why the ntlm authentication fails in certain cases (long strings)... Acked-by: Joerg Willmann URL: https://community.openvpn.net/openvpn/ticket/172 Signed-off-by: Gert Doering --- src/openvpn/proxy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/openvpn/proxy.c') diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 363d8a7..95d7153 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -499,7 +499,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, { struct gc_arena gc = gc_new (); char buf[512]; - char buf2[128]; + char buf2[129]; char get[80]; int status; int nparms; @@ -622,7 +622,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, openvpn_snprintf (get, sizeof get, "%%*s NTLM %%%ds", (int) sizeof (buf2) - 1); nparms = sscanf (buf, get, buf2); - buf2[127] = 0; /* we only need the beginning - ensure it's null terminated. */ + buf2[128] = 0; /* we only need the beginning - ensure it's null terminated. */ /* check for "Proxy-Authenticate: NTLM TlRM..." */ if (nparms == 1) -- cgit v1.1