exit(1);
}
+static bool
+token_decode(size_t *decodedLen, uint8_t decoded[], const char *buf)
+{
+ struct base64_decode_ctx ctx;
+ base64_decode_init(&ctx);
+ if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast<const uint8_t*>(buf)) ||
+ !base64_decode_final(&ctx)) {
+ SEND_BH("message=\"base64 decode failed\"");
+ fprintf(stderr, "ERROR: base64 decoding failed for: '%s'\n", buf);
+ return false;
+ }
+ return true;
+}
+
int
manage_request()
{
ntlmhdr *fast_header;
char buf[HELPER_INPUT_BUFFER];
- char decoded[HELPER_INPUT_BUFFER];
- int decodedLen;
+ uint8_t decoded[HELPER_INPUT_BUFFER];
+ size_t decodedLen = 0;
char helper_command[3];
int oversized = 0;
char * ErrorMessage;
} while (false);
if ((strlen(buf) > 3) && NTLM_packet_debug_enabled) {
- decodedLen = base64_decode(decoded, sizeof(decoded), buf+3);
+ if (!token_decode(&decodedLen, decoded, buf+3))
+ return 1;
strncpy(helper_command, buf, 2);
debug("Got '%s' from Squid with data:\n", helper_command);
hex_dump(reinterpret_cast<unsigned char*>(decoded), decodedLen);
debug("Got '%s' from Squid\n", buf);
if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */
/* figure out what we got */
- if (strlen(buf) > 3)
- decodedLen = base64_decode(decoded, sizeof(decoded), buf+3);
- else {
+ if (strlen(buf) > 3) {
+ if (!decodedLen /* already decoded*/ && !token_decode(&decodedLen, decoded, buf+3))
+ return 1;
+ } else {
debug("Negotiate packet not supplied - self generated\n");
memcpy(decoded, &local_nego, sizeof(local_nego));
decodedLen = sizeof(local_nego);
}
if ((size_t)decodedLen < sizeof(ntlmhdr)) { /* decoding failure, return error */
- SEND_ERR("message=\"Packet format error, couldn't base64-decode\"");
+ SEND_ERR("message=\"Packet format error\"");
return 1;
}
/* fast-track-decode request type. */
if (c) {
SEND_TT(c);
if (NTLM_packet_debug_enabled) {
- decodedLen = base64_decode(decoded, sizeof(decoded), c);
+ if (!token_decode(&decodedLen, decoded, c))
+ return 1;
debug("send 'TT' to squid with data:\n");
hex_dump(reinterpret_cast<unsigned char*>(decoded), decodedLen);
if (NTLM_LocalCall) {
return 1;
}
/* figure out what we got */
- decodedLen = base64_decode(decoded, sizeof(decoded), buf+3);
+ if (!decodedLen /* already decoded*/ && !token_decode(&decodedLen, decoded, buf+3))
+ return 1;
if ((size_t)decodedLen < sizeof(ntlmhdr)) { /* decoding failure, return error */
- SEND_ERR("message=\"Packet format error, couldn't base64-decode\"");
+ SEND_ERR("message=\"Packet format error\"");
return 1;
}
/* fast-track-decode request type. */