From: Amos Jeffries Date: Thu, 17 Sep 2015 13:03:28 +0000 (-0700) Subject: ntlm_smb_lm_auth: ignore empty NTresponse field X-Git-Tag: SQUID_3_5_9~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e44ad240c8ae67279ddd31b9f18ec848d1084512;p=thirdparty%2Fsquid.git ntlm_smb_lm_auth: ignore empty NTresponse field --- diff --git a/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc b/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc index c947c0f917..e6159bb654 100644 --- a/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc +++ b/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc @@ -272,7 +272,6 @@ ntlm_check_auth(ntlm_authenticate * auth, int auth_length) memcpy(pass, tmp.str, tmp.l); pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0'; -#if 1 debug("Empty LM pass detection: user: '%s', ours:'%s', his: '%s' (length: %d)\n", user,lmencoded_empty_pass,tmp.str,tmp.l); if (memcmp(tmp.str,lmencoded_empty_pass,ENCODED_PASS_LEN)==0) { 
@@ -286,25 +285,27 @@ ntlm_check_auth(ntlm_authenticate * auth, int auth_length) { const strhdr * str = &auth->ntresponse; int16_t len = le16toh(str->len); - int32_t offset = le32toh(str->offset); - - if (len != ENCODED_PASS_LEN || offset + len > auth_length || offset == 0) { - debug("NT response: insane data (pkt-sz: %d, fetch len: %d, offset: %d)\n", auth_length, len, offset); - ntlm_errno = NTLM_ERR_LOGON; - return NULL; - } - tmp.str = (char *)packet + offset; - tmp.l = len; - - debug("Empty NT pass detection: user: '%s', ours:'%s', his: '%s' (length: %d)\n", - user,ntencoded_empty_pass,tmp.str,tmp.l); - if (memcmp(tmp.str,lmencoded_empty_pass,ENCODED_PASS_LEN)==0) { - fprintf(stderr,"ERROR: Empty NT password supplied for user %s\\%s. No-auth\n", domain, user); - ntlm_errno = NTLM_ERR_LOGON; - return NULL; + // NT response field may be absent. that is okay. + if (len != 0) { + int32_t offset = le32toh(str->offset); + + if (len != ENCODED_PASS_LEN || offset + len > auth_length || offset == 0) { + debug("NT response: insane data (pkt-sz: %d, fetch len: %d, offset: %d)\n", auth_length, len, offset); + ntlm_errno = NTLM_ERR_LOGON; + return NULL; + } + tmp.str = (char *)packet + offset; + tmp.l = len; + + debug("Empty NT pass detection: user: '%s', ours:'%s', his: '%s' (length: %d)\n", + user,ntencoded_empty_pass,tmp.str,tmp.l); + if (memcmp(tmp.str,lmencoded_empty_pass,ENCODED_PASS_LEN)==0) { + fprintf(stderr,"ERROR: Empty NT password supplied for user %s\\%s. No-auth\n", domain, user); + ntlm_errno = NTLM_ERR_LOGON; + return NULL; + } } } -#endif debug("checking domain: '%s', user: '%s', pass='%s'\n", domain, user, pass);
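Review bot: The re-indented sanity check `offset + len > auth_length || offset == 0` still accepts a negative `offset`, because `offset` is a signed `int32_t` taken from the packet and only zero is rejected; `tmp.str = (char *)packet + offset` can then point before the buffer, and the `%s` in the following `debug` call and the `memcmp` read from there. The signed sum can also overflow for a large positive `offset`. I would write the guard as `if (len != ENCODED_PASS_LEN || offset <= 0 || offset > auth_length - len) {`. Separately, the empty-NT-password test logs `ntencoded_empty_pass` but compares against `lmencoded_empty_pass`, which looks like a copy-paste slip; presumably it should be `memcmp(tmp.str,ntencoded_empty_pass,ENCODED_PASS_LEN)`. ntlm_check_auth starts and ends outside the hunk, so the declaration of `packet` and any earlier length validation are not visible here.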