From: Elmar Vonlanthen
Date: Sun, 13 Oct 2013 13:33:55 +0000 (-0600)
Subject: libntlmauth: Fix string field truncation
X-Git-Tag: SQUID_3_4_0_3~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=06a5cb1fa80b62f154457fdd1c03e3bef7992c41;p=thirdparty%2Fsquid.git
libntlmauth: Fix string field truncation
Count of field bytes must begin at 0. Otherwise the decoder truncates 1 byte from the string due to lstring initial state values. Also drop the lstring_zero(s) macro. It is only used in one place and calling it 'zero' obscures that length is non-zero for invalid state.
---
diff --git a/lib/ntlmauth/ntlmauth.cc b/lib/ntlmauth/ntlmauth.cc
index 8b9589827c..c1435bc9de 100644
--- a/lib/ntlmauth/ntlmauth.cc
+++ b/lib/ntlmauth/ntlmauth.cc
@@ -99,8 +99,6 @@ ntlm_validate_packet(const ntlmhdr * hdr, const int32_t type)
 return NTLM_ERR_NONE;
 }
-#define lstring_zero(s) s.str=NULL; s.l=-1;
-
 /**
 * Fetches a string from the authentication packet.
 * The lstring data-part may point to inside the packet itself or a temporary static buffer.
@@ -119,7 +117,8 @@ ntlm_fetch_string(const ntlmhdr *packet, const int32_t packet_size, const strhdr
 lstring rv;
 char *d;
- lstring_zero(rv);
+ rv.str = NULL;
+ rv.l = -1;
 l = le16toh(str->len);
 o = le32toh(str->offset);
@@ -130,6 +129,7 @@ ntlm_fetch_string(const ntlmhdr *packet, const int32_t packet_size, const strhdr
 return rv;
 }
 rv.str = (char *)packet + o;
+ rv.l = 0;
 if ((flags & NTLM_NEGOTIATE_ASCII) == 0) {
 /* UNICODE string */
 unsigned short *s = (unsigned short *)rv.str;
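Review bot: The explicit `rv.str = NULL; rv.l = -1;` in the `@@ -119,7 +117,8 @@` hunk is the function's invalid-result marker, but neither the assignment nor the visible part of the doc comment tells callers that a negative length can come back. I would add `/* invalid until the field validates: str == NULL, l == -1 */` above the two lines and state the same in the function's doc comment, so that callers test `rv.l < 0` before treating it as a size. The callers are not visible here, so whether any of them passes `rv.l` to a copy unchecked still needs confirming. ntlm_fetch_string starts above and ends below this hunk.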
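Review bot: In the `@@ -130,6 +129,7 @@` hunk the context line `unsigned short *s = (unsigned short *)rv.str;` reads 16-bit units at `(char *)packet + o`, and `o` is taken from the packet itself (`le32toh(str->offset)` in the previous hunk), so an odd offset gives a misaligned, type-punned read that this commit leaves in place. The sanity check that ends in `return rv; }` just above is only partly visible and may already constrain `o`, but if it does not, loading each unit with `memcpy(&c, p, sizeof c)` into a local `uint16_t` avoids the problem without rejecting the field. The same line also casts away the `const` on `packet`. The added `rv.l = 0;` would read better with a short comment such as `/* field accepted: count decoded bytes from 0; -1 stays reserved for invalid */`. The function body continues past the end of this hunk.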