[Dovecot] Concerned about Dovecot's new NTLM code

Andrew Bartlett abartlet at samba.org
Mon Sep 27 16:01:07 EEST 2004


On Mon, 2004-09-27 at 22:49, Timo Sirainen wrote:
> On 27.9.2004, at 10:33, Andrew Bartlett wrote:
> 
> >>>  - NTLMSSP is NDR, not 'C struct pushed to the wire', it needs to be
> >>> correctly marshaled and unmarshaled.
> >>
> >> Yes, it's not a C struct, so what ? Where is the actual bug ?
> >
> > In my reading of the code, it appeared not to cope with the multiple
> > forms that NTLMSSP can take,
> 
> I don't know about that, but
> 
> >  and in particular the Dovecot code seemed
> > to perform some of the conversions by cast.
> 
> Where? To me it looks like it uses marshaling/unmarshaling everywhere.

mech-ntlm.c:mech_ntlm_auth_continue()

		const struct ntlmssp_request *request =
			(struct ntlmssp_request *)data;

That's 'unmarshal by cast'...

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20040927/27987939/attachment.pgp


More information about the dovecot mailing list