[Dovecot] Concerned about Dovecot's new NTLM code
Andrew Bartlett
abartlet at samba.org
Mon Sep 27 16:01:07 EEST 2004
On Mon, 2004-09-27 at 22:49, Timo Sirainen wrote:
> On 27.9.2004, at 10:33, Andrew Bartlett wrote:
>
> >>> - NTLMSSP is NDR, not 'C struct pushed to the wire', it needs to be
> >>> correctly marshaled and unmarshaled.
> >>
> >> Yes, it's not a C struct, so what ? Where is the actual bug ?
> >
> > In my reading of the code, it appeared not to cope with the multiple
> > forms that NTLMSSP can take,
>
> I don't know about that, but
>
> > and in particular the Dovecot code seemed
> > to perform some of the conversions by cast.
>
> Where? To me it looks like it uses marshaling/unmarshaling everywhere.
mech-ntlm.c:mech_ntlm_auth_continue()
const struct ntlmssp_request *request =
(struct ntlmssp_request *)data;
That's 'unmarshal by cast'...
Andrew Bartlett
--
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20040927/27987939/attachment-0001.bin>
More information about the dovecot
mailing list