[dovecot-cvs] dovecot/src/lib-ntlm ntlm-message.c,1.6,1.7

[cras at dovecot.org]

Update of /var/lib/cvs/dovecot/src/lib-ntlm
In directory talvi:/tmp/cvs-serv10286/src/lib-ntlm

Modified Files:
	ntlm-message.c 
Log Message:
allow LM authentication for older (Win9x) clients
which do not pass NTLM response in type 3 message. fixes
crash in dovecot-auth (empty credentials could be passed to 
hex_to_binary function if NTLM2 was negotiated). Patch by Andrey Panin



Index: ntlm-message.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-ntlm/ntlm-message.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- ntlm-message.c	22 Oct 2004 13:34:08 -0000	1.6
+++ ntlm-message.c	11 Nov 2004 17:45:04 -0000	1.7
@@ -180,13 +180,19 @@
 				size_t data_size, const char **error)
 {
 	uint32_t offset = read_le32(&buffer->offset);
+	uint16_t length = read_le16(&buffer->length);
+	uint16_t space = read_le16(&buffer->space);
+
+	/* Empty buffer is ok */
+	if (length == 0 && space == 0)
+		return 1;
 
 	if (offset >= data_size) {
 		*error = "buffer offset out of bounds";
 		return 0;
 	}
 
-	if (offset + read_le16(&buffer->space) > data_size) {
+	if (offset + space > data_size) {
 		*error = "buffer end out of bounds";
 		return 0;
 	}