[Dovecot] [PATCH] yet another NTLM update

Andrey Panin pazke at donpac.ru
Fri Oct 29 15:26:56 EEST 2004


Hello,

After more than a week of using dovecot as an exim4 authentication backend,
I noticed that some strange clients send type 3 messages with an
LM response only. The attached patch allows them to log in.

Please consider applying.

Best regards.

-- 
Andrey Panin		| Linux and UNIX system administrator
pazke at donpac.ru		| PGP key: wwwkeys.pgp.net
-------------- next part --------------
diff -urdpNX /usr/share/dontdiff dovecot-1.0-test51.vanilla/src/auth/mech-ntlm.c dovecot-1.0-test51/src/auth/mech-ntlm.c
--- dovecot-1.0-test51.vanilla/src/auth/mech-ntlm.c	2004-10-13 04:41:48.000000000 +0400
+++ dovecot-1.0-test51/src/auth/mech-ntlm.c	2004-10-29 14:54:38.000000000 +0400
@@ -74,7 +74,11 @@ ntlm_credentials_callback(const char *cr
 	buffer_t *hash_buffer;
 	int ret;
 
-	if (credentials == NULL && !request->ntlm2_negotiated) {
+	response_length =
+		ntlmssp_buffer_length(request->response, ntlm_response);
+	client_response = ntlmssp_buffer_data(request->response, ntlm_response);
+
+	if ((credentials == NULL && !request->ntlm2_negotiated) || !response_length) {
 		passdb->lookup_credentials(auth_request,
 					   PASSDB_CREDENTIALS_LANMAN,
 					   lm_credentials_callback);
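
Review bot: the new "|| !response_length" clause in the condition sends every type 3 message with an empty NTLM response to the PASSDB_CREDENTIALS_LANMAN lookup, including sessions where request->ntlm2_negotiated is set, which the old test kept out of this branch. Since that widens when the weaker LM verification is accepted, the condition deserves a comment naming the LM-only client case, and I would check here that the LM response is non-empty before starting the second lookup, because the ntlm-message.c change in this patch now lets empty buffers through and what lm_credentials_callback does with an empty LM response is not visible in this hunk.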
@@ -85,9 +89,6 @@ ntlm_credentials_callback(const char *cr
 					 hash, sizeof(hash));
 	hex_to_binary(credentials, hash_buffer);
 
-	response_length =
-		ntlmssp_buffer_length(request->response, ntlm_response);
-	client_response = ntlmssp_buffer_data(request->response, ntlm_response);
 
 	if (response_length > NTLMSSP_RESPONSE_SIZE) {
 		unsigned char ntlm_v2_response[NTLMSSP_V2_RESPONSE_SIZE];
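
Review bot: style point on the removal after hex_to_binary(): taking out the three lines leaves two consecutive blank lines in front of "if (response_length > NTLMSSP_RESPONSE_SIZE)"; please drop one of them. The move itself means response_length and client_response are now computed before the credentials are converted, so a one-line comment at their new location saying they are needed for the LM fallback test would help the next reader.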
diff -urdpNX /usr/share/dontdiff dovecot-1.0-test51.vanilla/src/lib-ntlm/ntlm-message.c dovecot-1.0-test51/src/lib-ntlm/ntlm-message.c
--- dovecot-1.0-test51.vanilla/src/lib-ntlm/ntlm-message.c	2004-10-08 21:35:31.000000000 +0400
+++ dovecot-1.0-test51/src/lib-ntlm/ntlm-message.c	2004-10-29 15:49:34.000000000 +0400
@@ -164,13 +164,19 @@ static int ntlmssp_check_buffer(const st
 				size_t data_size, const char **error)
 {
 	uint32_t offset = read_le32(&buffer->offset);
+	uint16_t length = read_le16(&buffer->length);
+	uint16_t space = read_le16(&buffer->space);
+
+	/* Empty buffer is ok */
+	if (!length && !space)
+		return 1;
 
 	if (offset >= data_size) {
 		*error = "buffer offset out of bounds";
 		return 0;
 	}
 
-	if (offset + read_le16(&buffer->space) > data_size) {
+	if (offset + space > data_size) {
 		*error = "buffer end out of bounds";
 		return 0;
 	}
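
Review bot: the early "return 1" for "!length && !space" makes an empty buffer valid for every caller of ntlmssp_check_buffer(), not just for the NTLM response this patch is about, so any field that must be present now needs its own non-empty check in the caller; please confirm that is intended or restrict the shortcut to the response buffers. Also, length is now read but used only in the emptiness test, while the bounds test still uses only space: if ntlmssp_buffer_length() returns the length field, a message with length larger than space passes this check, so I would add a "length > space" rejection (or bound offset + length against data_size) while touching this function.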