From: Christian Niessner
Date: Thu, 7 Mar 2013 18:37:58 +0000 (+0100)
Subject: Fix corner case in NTLM authentication (trac #172)
X-Git-Tag: v2.2.3~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5e01614c479e714aa3754050725692ec0b5c6f0;p=thirdparty%2Fopenvpn.git

Fix corner case in NTLM authentication (trac #172)

The problem is located in the file proxy.c within "establish_http_proxy_passthru": To keep buffers small, long base64-encoded NTLM strings are truncated. But the truncation is done in the wrong place: base64 strings can be cut every 4 chars. The buffer is 128 bytes, including the terminating \0, so the usable data is only 127 bytes. And decoding a 127 char base64 string fails... this is why the NTLM authentication fails in certain cases (long strings)...

Acked-by: Joerg Willmann
URL: https://community.openvpn.net/openvpn/ticket/172
Signed-off-by: Gert Doering
(cherry picked from commit f8ac53b98ed2513f1d80363b6fd2351f1b4ae511)
---
diff --git a/proxy.c b/proxy.c index fce64a14f..da7f0db05 100644 --- a/proxy.c +++ b/proxy.c @@ -519,7 +519,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, { struct gc_arena gc = gc_new (); char buf[512]; - char buf2[128]; + char buf2[129]; char get[80]; int status; int nparms; @@ -642,7 +642,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, openvpn_snprintf (get, sizeof get, "%%*s NTLM %%%ds", (int) sizeof (buf2) - 1); nparms = sscanf (buf, get, buf2); - buf2[127] = 0; /* we only need the beginning - ensure it's null terminated. */ + buf2[128] = 0; /* we only need the beginning - ensure it's null terminated. */ /* check for "Proxy-Authenticate: NTLM TlRM..." */ if (nparms == 1)
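
Review bot: in the first hunk, `char buf2[129];` is a bare number whose reason (128 usable characters, a multiple of 4 so the truncated base64 still decodes, plus the terminating NUL) is recorded only in the commit message. A one-line comment or a named constant at the declaration would keep a later resize from reintroducing a usable length that is not a multiple of 4.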
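
Review bot: in the second hunk, `buf2[128] = 0;` hard-codes the last index even though the sscanf field width just above it is already computed from `sizeof (buf2) - 1`, which is why this fix needed two edits that must stay in step. Writing `buf2[sizeof (buf2) - 1] = 0;` would tie the terminator to the declaration. The assignment also runs before the `nparms == 1` check, so it would sit more naturally inside that branch, where buf2 is known to have been filled.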