From ec419c3a386b54c2624906e0f80cd76e112b6d1e Mon Sep 17 00:00:00 2001
From: Elmar Vonlanthen
Date: Mon, 7 Oct 2013 19:24:23 -0600
Subject: [PATCH] libntlmauth: Fix string field truncation

Count of field bytes must begin at 0. Otherwise the decoder truncates 1 byte from the string due to lstring initial state values.

Also drop the lstring_zero(s) macro. It is only used in one place and calling it 'zero' obscures that length is non-zero for invalid state.
---
 lib/ntlmauth/ntlmauth.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/ntlmauth/ntlmauth.cc b/lib/ntlmauth/ntlmauth.cc
index 8b9589827c..c1435bc9de 100644
--- a/lib/ntlmauth/ntlmauth.cc
+++ b/lib/ntlmauth/ntlmauth.cc
@@ -99,8 +99,6 @@ ntlm_validate_packet(const ntlmhdr * hdr, const int32_t type)
 return NTLM_ERR_NONE;
 }
 
-#define lstring_zero(s) s.str=NULL; s.l=-1;
-
 /**
 * Fetches a string from the authentication packet.
 * The lstring data-part may point to inside the packet itself or a temporary static buffer.
@@ -119,7 +117,8 @@ ntlm_fetch_string(const ntlmhdr *packet, const int32_t packet_size, const strhdr
 lstring rv;
 char *d;
 
- lstring_zero(rv);
+ rv.str = NULL;
+ rv.l = -1;
 
 l = le16toh(str->len);
 o = le32toh(str->offset);
@@ -130,6 +129,7 @@ ntlm_fetch_string(const ntlmhdr *packet, const int32_t packet_size, const strhdr
 return rv;
 }
 rv.str = (char *)packet + o;
+ rv.l = 0;
 if ((flags & NTLM_NEGOTIATE_ASCII) == 0) {
 /* UNICODE string */
 unsigned short *s = (unsigned short *)rv.str;
-- 
2.47.3
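Review bot: The two assignments that replace lstring_zero in the second hunk set `rv.l = -1` without saying what the sentinel means, so the distinction the commit message draws (a negative length marks an invalid field, not a zero-length one) survives only in git history. A comment at the assignment, `rv.l = -1; /* negative length: field invalid or absent; callers must test l < 0, not only str == NULL */`, keeps that contract next to the code, and since the struct is assigned immediately after its declaration, `lstring rv = { NULL, -1 };` would also remove the window in which rv is uninitialized. In the third hunk `rv.l = 0` is set once `rv.str` points into the packet at the peer-supplied offset `o`, so from that point a caller that only tests `rv.str != NULL` sees a valid (possibly empty) field; the doc comment above the function ("Fetches a string from the authentication packet") should state that a result with `l < 0` is a decode failure. The adjacent cast of `rv.str` to `unsigned short *` reads at whatever alignment `o` happens to have, which the check visible just above does not appear to constrain; that is pre-existing context rather than part of this change, but a note there would help the next reader. ntlm_fetch_string's body begins before and continues past these hunks.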