[dovecot-cvs] dovecot/src/lib-ntlm ntlm-encrypt.c,1.3,1.4
cras at dovecot.org
cras at dovecot.org
Tue Aug 31 12:32:35 EEST 2004
- Previous message: [dovecot-cvs]
dovecot/src/auth mech-apop.c, 1.3, 1.4 mech-cram-md5.c,
1.9, 1.10 mech-digest-md5.c, 1.23, 1.24 mech-login.c, 1.2,
1.3 mech-ntlm.c, 1.3, 1.4 mech-plain.c, 1.20, 1.21 mech-rpa.c,
1.2, 1.3 mech.c, 1.32, 1.33 mech.h, 1.20, 1.21
- Next message: [dovecot-cvs] dovecot/src/master main.c,1.53,1.54
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /home/cvs/dovecot/src/lib-ntlm
In directory talvi:/tmp/cvs-serv25175
Modified Files:
ntlm-encrypt.c
Log Message:
Patch by Andrey Panin:
- open code ntlmssp_des_encrypt_triad() function;
- add two missing safe_memset(). It's not safe to leave NTLM
hashes on the stack, because they are plain password equivalents.
Index: ntlm-encrypt.c
===================================================================
RCS file: /home/cvs/dovecot/src/lib-ntlm/ntlm-encrypt.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- ntlm-encrypt.c 30 Jul 2004 03:01:24 -0000 1.3
+++ ntlm-encrypt.c 31 Aug 2004 09:32:33 -0000 1.4
@@ -35,16 +35,6 @@
return buffer_free_without_data(wstr);
}
-static void
-ntlmssp_des_encrypt_triad(const unsigned char *hash,
- const unsigned char *challenge,
- unsigned char *response)
-{
- deshash(response, hash, challenge);
- deshash(response + 8, hash + 7, challenge);
- deshash(response + 16, hash + 14, challenge);
-}
-
const unsigned char *
lm_hash(const char *passwd, unsigned char hash[LM_HASH_SIZE])
{
@@ -112,7 +102,11 @@
memset(des_hash + NTLMSSP_HASH_SIZE, 0,
sizeof(des_hash) - NTLMSSP_HASH_SIZE);
- ntlmssp_des_encrypt_triad(des_hash, challenge, response);
+ deshash(response, des_hash, challenge);
+ deshash(response + 8, des_hash + 7, challenge);
+ deshash(response + 16, des_hash + 14, challenge);
+
+ safe_memset(des_hash, 0, sizeof(des_hash));
}
void
@@ -131,4 +125,6 @@
hmac_md5_update(&ctx, challenge, NTLMSSP_CHALLENGE_SIZE);
hmac_md5_update(&ctx, blob, blob_size);
hmac_md5_final(&ctx, response);
+
+ safe_memset(hash, 0, sizeof(hash));
}
- Previous message: [dovecot-cvs]
dovecot/src/auth mech-apop.c, 1.3, 1.4 mech-cram-md5.c,
1.9, 1.10 mech-digest-md5.c, 1.23, 1.24 mech-login.c, 1.2,
1.3 mech-ntlm.c, 1.3, 1.4 mech-plain.c, 1.20, 1.21 mech-rpa.c,
1.2, 1.3 mech.c, 1.32, 1.33 mech.h, 1.20, 1.21
- Next message: [dovecot-cvs] dovecot/src/master main.c,1.53,1.54
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the dovecot-cvs
mailing list