Support long Domain Names in NTLMSSP v2
... instead of crashing on them. :-) Discovered by Garming Sam <garming@catalyst.net.nz> svn path=/trunk/; revision=53626
This commit is contained in:
parent
71d05170dc
commit
30ae01c73b
|
@ -525,9 +525,13 @@ create_ntlmssp_v2_key(const char *nt_password _U_, const guint8 *serverchallenge
|
|||
guint8 *sessionkey , const guint8 *encryptedsessionkey , int flags ,
|
||||
const ntlmssp_blob *ntlm_response, const ntlmssp_blob *lm_response _U_, ntlmssp_header_t *ntlmssph)
|
||||
{
|
||||
char domain_name_unicode[256];
|
||||
char user_uppercase[256];
|
||||
char buf[512];
|
||||
/* static const would be nicer, but -Werror=vla does not like it */
|
||||
#define DOMAIN_NAME_BUF_SIZE 512
|
||||
#define USER_BUF_SIZE 256
|
||||
#define BUF_SIZE (DOMAIN_NAME_BUF_SIZE + USER_BUF_SIZE)
|
||||
char domain_name_unicode[DOMAIN_NAME_BUF_SIZE];
|
||||
char user_uppercase[USER_BUF_SIZE];
|
||||
char buf[BUF_SIZE];
|
||||
/*guint8 md4[NTLMSSP_KEY_LEN];*/
|
||||
unsigned char nt_password_hash[NTLMSSP_KEY_LEN];
|
||||
unsigned char nt_proof[NTLMSSP_KEY_LEN];
|
||||
|
@ -552,10 +556,10 @@ create_ntlmssp_v2_key(const char *nt_password _U_, const guint8 *serverchallenge
|
|||
nb_pass = get_md4pass_list(&pass_list, nt_password);
|
||||
#endif
|
||||
i = 0;
|
||||
memset(user_uppercase, 0, 256);
|
||||
memset(user_uppercase, 0, USER_BUF_SIZE);
|
||||
user_len = strlen(ntlmssph->acct_name);
|
||||
if (user_len < 129) {
|
||||
memset(buf, 0, 512);
|
||||
if (user_len < USER_BUF_SIZE / 2) {
|
||||
memset(buf, 0, BUF_SIZE);
|
||||
str_to_unicode(ntlmssph->acct_name, buf);
|
||||
for (j = 0; j < (2*user_len); j++) {
|
||||
if (buf[j] != '\0') {
|
||||
|
@ -568,7 +572,7 @@ create_ntlmssp_v2_key(const char *nt_password _U_, const guint8 *serverchallenge
|
|||
return;
|
||||
}
|
||||
domain_len = strlen(ntlmssph->domain_name);
|
||||
if (domain_len < 129) {
|
||||
if (domain_len < DOMAIN_NAME_BUF_SIZE / 2) {
|
||||
str_to_unicode(ntlmssph->domain_name, domain_name_unicode);
|
||||
}
|
||||
else {
|
||||
|
@ -583,14 +587,14 @@ create_ntlmssp_v2_key(const char *nt_password _U_, const guint8 *serverchallenge
|
|||
printnbyte(nt_password_hash, NTLMSSP_KEY_LEN, "Current NT password hash: ", "\n");
|
||||
i++;
|
||||
/* ntowf computation */
|
||||
memset(buf, 0, 512);
|
||||
memset(buf, 0, BUF_SIZE);
|
||||
memcpy(buf, user_uppercase, user_len*2);
|
||||
memcpy(buf+user_len*2, domain_name_unicode, domain_len*2);
|
||||
md5_hmac(buf, domain_len*2+user_len*2, nt_password_hash, NTLMSSP_KEY_LEN, ntowf);
|
||||
printnbyte(ntowf, NTLMSSP_KEY_LEN, "NTOWF: ", "\n");
|
||||
|
||||
/* LM response */
|
||||
memset(buf, 0, 512);
|
||||
memset(buf, 0, BUF_SIZE);
|
||||
memcpy(buf, serverchallenge, 8);
|
||||
memcpy(buf+8, clientchallenge, 8);
|
||||
md5_hmac(buf, NTLMSSP_KEY_LEN, ntowf, NTLMSSP_KEY_LEN, lm_challenge_response);
|
||||
|
@ -598,9 +602,9 @@ create_ntlmssp_v2_key(const char *nt_password _U_, const guint8 *serverchallenge
|
|||
printnbyte(lm_challenge_response, 24, "LM Response: ", "\n");
|
||||
|
||||
/* NT proof = First NTLMSSP_KEY_LEN bytes of NT response */
|
||||
memset(buf, 0, 512);
|
||||
memset(buf, 0, BUF_SIZE);
|
||||
memcpy(buf, serverchallenge, 8);
|
||||
memcpy(buf+8, ntlm_response->contents+NTLMSSP_KEY_LEN, ntlm_response->length-NTLMSSP_KEY_LEN);
|
||||
memcpy(buf+8, ntlm_response->contents+NTLMSSP_KEY_LEN, MIN(BUF_SIZE - 8, ntlm_response->length-NTLMSSP_KEY_LEN));
|
||||
md5_hmac(buf, ntlm_response->length-8, ntowf, NTLMSSP_KEY_LEN, nt_proof);
|
||||
printnbyte(nt_proof, NTLMSSP_KEY_LEN, "NT proof: ", "\n");
|
||||
if (!memcmp(nt_proof, ntlm_response->contents, NTLMSSP_KEY_LEN)) {
|
||||
|
|
Loading…
Reference in New Issue