[Dovecot] Concerned about Dovecot's new NTLM code

Timo Sirainen tss at iki.fi
Mon Sep 27 16:30:20 EEST 2004


On 27.9.2004, at 16:01, Andrew Bartlett wrote:

>>>  and in particular the Dovecot code seemed
>>> to perform some of the conversions by cast.
>>
>> Where? To me it looks like it uses marshaling/unmarshaling everywhere.
>
> mech-ntlm.c:mech_ntlm_auth_continue()
>
> 		const struct ntlmssp_request *request =
> 			(struct ntlmssp_request *)data;

Ah, now I understand how that code really works :) Yes, it relies on 
compiler using specific alignmenting which isn't very good idea. 
ntlmssp_check_request() should rather be replaced with something like:

static inline uint64_t read_le64(const void **input, uint64_t *output)
{
	*output = *((uint64_t *) *input);
	*input += sizeof(uint64_t);
	return *output;
}

int ntlm_parse_response(struct ntlmssp_response *response, const void 
*data, size_t data_size, const char **error_r) {
	memset(response, 0, sizeof(*response));
..
	if (read_le64(&data, &response->magic) != NTLMSSP_MAGIC) {
..
	if (read_le32(&data, &response->type) != NTLMSSP_MSG_TYPE3) {
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20040927/393c0dc5/PGP.pgp


More information about the dovecot mailing list