From 30e0778a57a8db3d57d144471a869647037a115b Mon Sep 17 00:00:00 2001
From: Antonio Quartulli
Date: Wed, 16 Aug 2017 20:18:06 +0800
Subject: [PATCH] ntlm: avoid breaking anti-aliasing rules
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The problem is visible when compiling with -O2:

ntlm.c: In function ‘ntlm_phase_3’:
ntlm.c:305:9: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
     if ((*((long *)&buf2[0x14]) & 0x00800000) == 0x00800000)

The spec suggests interpreting those 4 bytes as a long, but this needs to be done carefully.

Signed-off-by: Antonio Quartulli
Acked-by: Steffan Karger
Message-Id: <20170816121806.26471-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15268.html
Signed-off-by: David Sommerseth
(cherry picked from commit e84b6994b4d2b53bcebd5415a58de4cecd411a7b)
---
 src/openvpn/ntlm.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index 167c10b80..077fa3e2a 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -302,7 +302,21 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, /* Add target information block to the blob */ /* Check for Target Information block */ - if ((*((long *)&buf2[0x14]) & 0x00800000) == 0x00800000) + /* The NTLM spec instructs to interpret these 4 consecutive bytes as a + * 32bit long integer. However, no endianness is specified. + * The code here and that found in other NTLM implementations point + * towards the assumption that the byte order on the wire has to + * match the order on the sending and receiving hosts. Probably NTLM has + * been thought to be always running on x86_64/i386 machine thus + * implying Little-Endian everywhere. + * + * This said, in case of future changes, we should keep in mind that the + * byte order on the wire for the NTLM header is LE. + */ + const size_t hoff = 0x14; + unsigned long flags = buf2[hoff] | (buf2[hoff + 1] << 8) | + (buf2[hoff + 2] << 16) | (buf2[hoff + 3] << 24); + if ((flags & 0x00800000) == 0x00800000) { tib_len = buf2[0x28]; /* Get Target Information block size */ if (tib_len > 96) -- 2.47.2
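Review bot: the byte assembly `buf2[hoff] | (buf2[hoff + 1] << 8) | (buf2[hoff + 2] << 16) | (buf2[hoff + 3] << 24)` still relies on implementation-defined and, in one case, undefined behaviour, so the aliasing fix trades one portability problem for another. Each `buf2[...]` operand is promoted to `int` before the shift: for the top byte, `buf2[hoff + 3] << 24` shifts into bit 31 whenever that byte is 0x80 or larger, which is undefined for a signed 32-bit `int`, and on a 64-bit `unsigned long` the resulting negative value would sign-extend into the upper 32 bits. The hunk does not show the declaration of `buf2`; if it is a plain `char` array, any element with its high bit set is sign-extended before the OR, so a value such as 0x80 in `buf2[hoff + 1]` becomes 0xFFFFFF80 << 8 and sets bit 23 regardless of whether the Target Information flag is actually present. Suggest widening each byte to an unsigned 32-bit type before shifting, and using that type for the result, since the comment itself calls the field a 32-bit value:

    const uint32_t flags = (uint32_t)(unsigned char)buf2[hoff]
                         | ((uint32_t)(unsigned char)buf2[hoff + 1] << 8)
                         | ((uint32_t)(unsigned char)buf2[hoff + 2] << 16)
                         | ((uint32_t)(unsigned char)buf2[hoff + 3] << 24);

With that, the `& 0x00800000` test is well-defined on every host byte order, which is the point of the hunk's comment about the wire format being little-endian.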