[cvsnt-dev] NTLMSSP auth with empty domain part fails

Andreas Tscharner andreas.tscharner at metromec.ch
Fri Oct 27 15:08:52 BST 2006


Arthur Barrett wrote:
> Andreas,

Hello Arthur,
> 
> Thanks I'm still on holiday - but will look at this next week.  If
> you don't see anything from me by Wednesday next week I'd appreciate
> a heads up ;).

I'll do that ;-)

In the meantime, the same user created another patch for the same 
problem. He says that it's up to you to decide which one to apply (if 
any). The patch is attached, here is the accompanying mail:


--- BEGIN MAIL ---

The attached might be a better patch (replaces my previous patch).
Maybe you could also forward it to upstream and let them decide which
one they like better.

The old working cvsnt version I have has the following code,
which sets header.offset to a bogus value:

AddBytes(ptr, header, buf, count) \
{ \
if (buf && count) \
   { \
   SSVAL(&ptr->header.len,0,count); \
   SSVAL(&ptr->header.maxlen,0,count); \
   SIVAL(&ptr->header.offset,0,((ptr->buffer - ((uint8*)ptr)) + 
ptr->bufIndex)); \
   memcpy(ptr->buffer+ptr->bufIndex, buf, count); \
   ptr->bufIndex += count; \
   } \
else \
   { \
   ptr->header.len = \
   ptr->header.maxlen = 0; \
   SIVAL(&ptr->header.offset,0,ptr->bufIndex); \
   } \
}

Initially I thought it's better not to touch this as it is difficult
for me to see what the consequences are for other NTLMSSP messages, but
now I think it's better to solve the problem at the root.


Thanks,
Johannes

--- END MAIL ---


Best regards
	Andreas
-- 
Andreas Tscharner                          andreas.tscharner at metromec.ch
------------------------------------------------------------------------
And the beast shall come forth surrounded by a roiling cloud of
vengeance. The house of the unbelievers shall be razed and they shall be
scorched to the earth. Their tags shall blink until the end of days.
                                             -- The Book of Mozilla 12:10
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cvsnt-2.5.03.2382-ntlmssp-auth-fix2.patch
Url: http://www.cvsnt.org/pipermail/cvsnt-dev/attachments/20061027/1cbdfb24/attachment.diff 


More information about the cvsnt-dev mailing list