--------------------- PatchSet 6247 Date: 2004/07/24 12:53:05 Author: serassio Branch: nt-2_5 Tag: (none) Log: Fixed Challenge/response sizes in Squid's NTLMSSP code Members: src/defines.h:1.15.10.5->1.15.10.6 src/auth/ntlm/auth_ntlm.c:1.18.2.1.4.15->1.18.2.1.4.16 Index: squid/src/defines.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/defines.h,v retrieving revision 1.15.10.5 retrieving revision 1.15.10.6 diff -u -r1.15.10.5 -r1.15.10.6 --- squid/src/defines.h 9 Aug 2002 16:56:45 -0000 1.15.10.5 +++ squid/src/defines.h 24 Jul 2004 12:53:05 -0000 1.15.10.6 @@ -1,6 +1,6 @@ /* - * $Id: defines.h,v 1.15.10.5 2002/08/09 16:56:45 serassio Exp $ + * $Id: defines.h,v 1.15.10.6 2004/07/24 12:53:05 serassio Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -135,7 +135,7 @@ #define AUTHENTICATE_AV_FACTOR 1000 /* AUTHENTICATION */ -#define NTLM_CHALLENGE_SZ 300 +#define NTLM_CHALLENGE_SZ 400 #define CONNECT_PORT 443 Index: squid/src/auth/ntlm/auth_ntlm.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/auth_ntlm.c,v retrieving revision 1.18.2.1.4.15 retrieving revision 1.18.2.1.4.16 diff -u -r1.18.2.1.4.15 -r1.18.2.1.4.16 --- squid/src/auth/ntlm/auth_ntlm.c 18 Apr 2004 07:52:37 -0000 1.18.2.1.4.15 +++ squid/src/auth/ntlm/auth_ntlm.c 24 Jul 2004 12:53:05 -0000 1.18.2.1.4.16 @@ -515,13 +515,13 @@ helperstate = helperStatefulServerGetData(srv); if (helperstate == NULL) fatal("lost NTLM helper state! quitting\n"); - helperstate->challenge = xstrndup(reply, NTLM_CHALLENGE_SZ + 5); + helperstate->challenge = xstrdup(reply); helperstate->renewed = squid_curtime; /* and we satisfy the request that happended on the refresh boundary */ /* note this code is now in two places FIXME */ assert(ntlm_request->auth_state == AUTHENTICATE_STATE_NEGOTIATE); ntlm_request->authserver = srv; - ntlm_request->authchallenge = xstrndup(reply, NTLM_CHALLENGE_SZ + 5); + ntlm_request->authchallenge = xstrdup(reply); helperstate->challengeuses = 1; } else if (strncasecmp(reply, "AF ", 3) == 0) { /* we're finished, release the helper */ @@ -531,7 +531,7 @@ assert(ntlm_user != NULL); /* we only expect OK when finishing the handshake */ assert(ntlm_request->auth_state == AUTHENTICATE_STATE_RESPONSE); - ntlm_user->username = xstrndup(reply, MAX_LOGIN_SZ); + ntlm_user->username = xstrdup(reply); ntlm_request->authserver = NULL; helperStatefulReleaseServer(srv); #ifdef NTLM_FAIL_OPEN @@ -551,7 +551,7 @@ assert(ntlm_user != NULL); /* we only expect LD when finishing the handshake */ assert(ntlm_request->auth_state == AUTHENTICATE_STATE_RESPONSE); - ntlm_user->username = xstrndup(reply, MAX_LOGIN_SZ); + ntlm_user->username = xstrdup(reply); helperstate = helperStatefulServerGetData(ntlm_request->authserver); /* BH code: mark helper as broken */ authenticateNTLMResetServer(ntlm_request); @@ -749,7 +749,7 @@ /* increment the challenge uses */ helperstate->challengeuses++; /* assign the challenge */ - ntlm_request->authchallenge = xstrndup(helperstate->challenge, NTLM_CHALLENGE_SZ + 5); + ntlm_request->authchallenge = xstrdup(helperstate->challenge); handler(data, NULL); } @@ -952,7 +952,7 @@ /* we've recieved a negotiate request. pass to a helper */ debug(29, 9) ("authenticateNTLMAuthenticateUser: auth state ntlm none. %s\n", proxy_auth); ntlm_request->auth_state = AUTHENTICATE_STATE_NEGOTIATE; - ntlm_request->ntlmnegotiate = xstrndup(proxy_auth, NTLM_CHALLENGE_SZ + 5); + ntlm_request->ntlmnegotiate = xstrdup(proxy_auth);; conn->auth_type = AUTH_NTLM; conn->auth_user_request = auth_user_request; ntlm_request->conn = conn;