--------------------- PatchSet 6285 Date: 2004/08/28 12:09:14 Author: serassio Branch: nt-2_5 Tag: (none) Log: Source code cleanup of native Windows helpers related to Security Advisor SQUID-2004:2 Members: helpers/external_acl/win32_group/win32_check_group.c:1.1.8.14->1.1.8.15 helpers/ntlm_auth/NTLMSSP-WIN32/libntlmssp.c:1.1.4.8->1.1.4.9 Index: squid/helpers/external_acl/win32_group/win32_check_group.c =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/external_acl/win32_group/Attic/win32_check_group.c,v retrieving revision 1.1.8.14 retrieving revision 1.1.8.15 diff -u -r1.1.8.14 -r1.1.8.15 --- squid/helpers/external_acl/win32_group/win32_check_group.c 24 Jun 2004 17:39:16 -0000 1.1.8.14 +++ squid/helpers/external_acl/win32_group/win32_check_group.c 28 Aug 2004 12:09:14 -0000 1.1.8.15 @@ -248,7 +248,7 @@ /* returns 0 on match, -1 if no match */ static int wcstrcmparray(const wchar_t *str, const char **array) { - WCHAR wszGroup[256]; // Unicode Group + WCHAR wszGroup[GNLEN+1]; // Unicode Group while (*array) { MultiByteToWideChar(CP_ACP, 0, *array, @@ -266,7 +266,7 @@ Valid_Local_Groups(char *UserName, const char **Groups) { int result = 0; - WCHAR wszUserName[256]; // Unicode user name + WCHAR wszUserName[UNLEN+1]; // Unicode user name LPLOCALGROUP_USERS_INFO_0 pBuf = NULL; LPLOCALGROUP_USERS_INFO_0 pTmpBuf; @@ -336,13 +336,13 @@ Valid_Global_Groups(char *UserName, const char **Groups) { int result = 0; - WCHAR wszUserName[256]; // Unicode user name - WCHAR wszLocalDomain[256]; // Unicode Local Domain - WCHAR wszUserDomain[256]; // Unicode User Domain + WCHAR wszUserName[UNLEN+1]; // Unicode user name + WCHAR wszLocalDomain[DNLEN+1]; // Unicode Local Domain + WCHAR wszUserDomain[DNLEN+1]; // Unicode User Domain - char NTDomain[256]; + char NTDomain[DNLEN+UNLEN+1]; char *domain_qualify; - char User[256]; + char User[UNLEN+1]; LPWSTR LclDCptr = NULL; LPWSTR UsrDCptr = NULL; Index: squid/helpers/ntlm_auth/NTLMSSP-WIN32/libntlmssp.c =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/ntlm_auth/NTLMSSP-WIN32/Attic/libntlmssp.c,v retrieving revision 1.1.4.8 retrieving revision 1.1.4.9 diff -u -r1.1.4.8 -r1.1.4.9 --- squid/helpers/ntlm_auth/NTLMSSP-WIN32/libntlmssp.c 21 Feb 2004 11:46:03 -0000 1.1.4.8 +++ squid/helpers/ntlm_auth/NTLMSSP-WIN32/libntlmssp.c 28 Aug 2004 12:09:14 -0000 1.1.4.9 @@ -26,8 +26,8 @@ Valid_Group(char *UserName, char *Group) { int result = FALSE; - WCHAR wszUserName[256]; // Unicode user name - WCHAR wszGroup[256]; // Unicode Group + WCHAR wszUserName[UNLEN+1]; // Unicode user name + WCHAR wszGroup[GNLEN+1]; // Unicode Group LPLOCALGROUP_USERS_INFO_0 pBuf = NULL; LPLOCALGROUP_USERS_INFO_0 pTmpBuf; @@ -214,9 +214,9 @@ ntlm_check_auth(ntlm_authenticate * auth, int auth_length) { int rv; - char domain[256]; - char user[256]; - static char credentials[1024]; /* we can afford to waste */ + char domain[DNLEN+1]; + char user[UNLEN+1]; + static char credentials[DNLEN+UNLEN+2]; /* we can afford to waste */ lstring tmp; @@ -231,10 +231,15 @@ } if (Use_Unicode) { /* copy unicode buffer */ - WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) tmp.str, tmp.l, domain, 256, NULL, NULL ); + WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) tmp.str, tmp.l, domain, DNLEN+1, NULL, NULL ); /* add null termination */ domain[tmp.l / sizeof(WCHAR)] = '\0'; } else { + if (tmp.l > DNLEN) { + debug("Domain string exceeds %d bytes, rejecting\n", DNLEN); + ntlm_errno = NTLM_BAD_REQUEST; + return NULL; + } memcpy(domain, tmp.str, tmp.l); domain[tmp.l] = '\0'; } @@ -246,10 +251,15 @@ } if (Use_Unicode) { /* copy unicode buffer */ - WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) tmp.str, tmp.l, user, 256, NULL, NULL ); + WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) tmp.str, tmp.l, user, UNLEN+1, NULL, NULL ); /* add null termination */ user[tmp.l / sizeof(WCHAR)] = '\0'; } else { + if (tmp.l > UNLEN) { + debug("Username string exceeds %d bytes, rejecting\n", UNLEN); + ntlm_errno = NTLM_BAD_REQUEST; + return NULL; + } memcpy(user, tmp.str, tmp.l); user[tmp.l] = '\0'; }