From 836a7ffc27f7934243c8f54aaf95f157d99b1898 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Tue, 30 Dec 2014 21:20:28 -0800 Subject: [PATCH] ntlm_sspi_auth: convert to new base64 API --- helpers/ntlm_auth/SSPI/Makefile.am | 2 +- helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc | 38 +++++++++++++++++------- 2 files changed, 29 insertions(+), 11 deletions(-) diff --git a/helpers/ntlm_auth/SSPI/Makefile.am b/helpers/ntlm_auth/SSPI/Makefile.am index c76576bbed..3a6f743bf8 100644 --- a/helpers/ntlm_auth/SSPI/Makefile.am +++ b/helpers/ntlm_auth/SSPI/Makefile.am @@ -15,7 +15,7 @@ ntlm_sspi_auth_SOURCES = ntlm_sspi_auth.cc LDADD = \ $(top_builddir)/lib/ntlmauth/libntlmauth.la \ - -L$(top_builddir)/lib -lsspwin32 \ + $(top_builddir)/lib/libsspwin32.la \ $(top_builddir)/lib/libmiscencoding.la \ $(COMPAT_LIB) \ -lnetapi32 \ diff --git a/helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc b/helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc index fc17f25345..9c7fee834c 100644 --- a/helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc +++ b/helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc @@ -413,13 +413,27 @@ process_options(int argc, char *argv[]) exit(1); } +static bool +token_decode(size_t *decodedLen, uint8_t decoded[], const char *buf) +{ + struct base64_decode_ctx ctx; + base64_decode_init(&ctx); + if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast(buf)) || + !base64_decode_final(&ctx)) { + SEND_BH("message=\"base64 decode failed\""); + fprintf(stderr, "ERROR: base64 decoding failed for: '%s'\n", buf); + return false; + } + return true; +} + int manage_request() { ntlmhdr *fast_header; char buf[HELPER_INPUT_BUFFER]; - char decoded[HELPER_INPUT_BUFFER]; - int decodedLen; + uint8_t decoded[HELPER_INPUT_BUFFER]; + size_t decodedLen = 0; char helper_command[3]; int oversized = 0; char * ErrorMessage; @@ -459,7 +473,8 @@ manage_request() } while (false); if ((strlen(buf) > 3) && NTLM_packet_debug_enabled) { - decodedLen = base64_decode(decoded, sizeof(decoded), buf+3); + if (!token_decode(&decodedLen, decoded, buf+3)) + return 1; strncpy(helper_command, buf, 2); debug("Got '%s' from Squid with data:\n", helper_command); hex_dump(reinterpret_cast(decoded), decodedLen); @@ -467,15 +482,16 @@ manage_request() debug("Got '%s' from Squid\n", buf); if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */ /* figure out what we got */ - if (strlen(buf) > 3) - decodedLen = base64_decode(decoded, sizeof(decoded), buf+3); - else { + if (strlen(buf) > 3) { + if (!decodedLen /* already decoded*/ && !token_decode(&decodedLen, decoded, buf+3)) + return 1; + } else { debug("Negotiate packet not supplied - self generated\n"); memcpy(decoded, &local_nego, sizeof(local_nego)); decodedLen = sizeof(local_nego); } if ((size_t)decodedLen < sizeof(ntlmhdr)) { /* decoding failure, return error */ - SEND_ERR("message=\"Packet format error, couldn't base64-decode\""); + SEND_ERR("message=\"Packet format error\""); return 1; } /* fast-track-decode request type. */ @@ -494,7 +510,8 @@ manage_request() if (c) { SEND_TT(c); if (NTLM_packet_debug_enabled) { - decodedLen = base64_decode(decoded, sizeof(decoded), c); + if (!token_decode(&decodedLen, decoded, c)) + return 1; debug("send 'TT' to squid with data:\n"); hex_dump(reinterpret_cast(decoded), decodedLen); if (NTLM_LocalCall) { @@ -528,10 +545,11 @@ manage_request() return 1; } /* figure out what we got */ - decodedLen = base64_decode(decoded, sizeof(decoded), buf+3); + if (!decodedLen /* already decoded*/ && !token_decode(&decodedLen, decoded, buf+3)) + return 1; if ((size_t)decodedLen < sizeof(ntlmhdr)) { /* decoding failure, return error */ - SEND_ERR("message=\"Packet format error, couldn't base64-decode\""); + SEND_ERR("message=\"Packet format error\""); return 1; } /* fast-track-decode request type. */ -- 2.47.2