diff -urdpNX /usr/share/dontdiff dovecot-1.0-test51.vanilla/src/auth/mech-ntlm.c dovecot-1.0-test51/src/auth/mech-ntlm.c
--- dovecot-1.0-test51.vanilla/src/auth/mech-ntlm.c 2004-10-13 04:41:48.000000000 +0400
+++ dovecot-1.0-test51/src/auth/mech-ntlm.c 2004-10-29 14:54:38.000000000 +0400
@@ -74,7 +74,11 @@ ntlm_credentials_callback(const char *cr
 buffer_t *hash_buffer;
 int ret;
- if (credentials == NULL && !request->ntlm2_negotiated) {
+ response_length =
+ ntlmssp_buffer_length(request->response, ntlm_response);
+ client_response = ntlmssp_buffer_data(request->response, ntlm_response);
+
+ if ((credentials == NULL && !request->ntlm2_negotiated) || !response_length) {
 passdb->lookup_credentials(auth_request,
 PASSDB_CREDENTIALS_LANMAN,
 lm_credentials_callback);
@@ -85,9 +89,6 @@ ntlm_credentials_callback(const char *cr
 hash, sizeof(hash));
 hex_to_binary(credentials, hash_buffer);
- response_length =
- ntlmssp_buffer_length(request->response, ntlm_response);
- client_response = ntlmssp_buffer_data(request->response, ntlm_response);
 if (response_length > NTLMSSP_RESPONSE_SIZE) {
 unsigned char ntlm_v2_response[NTLMSSP_V2_RESPONSE_SIZE];
diff -urdpNX /usr/share/dontdiff dovecot-1.0-test51.vanilla/src/lib-ntlm/ntlm-message.c dovecot-1.0-test51/src/lib-ntlm/ntlm-message.c
--- dovecot-1.0-test51.vanilla/src/lib-ntlm/ntlm-message.c 2004-10-08 21:35:31.000000000 +0400
+++ dovecot-1.0-test51/src/lib-ntlm/ntlm-message.c 2004-10-29 15:49:34.000000000 +0400
@@ -164,13 +164,19 @@ static int ntlmssp_check_buffer(const st
 size_t data_size, const char **error)
 {
 uint32_t offset = read_le32(&buffer->offset);
+ uint16_t length = read_le16(&buffer->length);
+ uint16_t space = read_le16(&buffer->space);
+
+ /* Empty buffer is ok */
+ if (!length && !space)
+ return 1;
 if (offset >= data_size) {
 *error = "buffer offset out of bounds";
 return 0;
 }
- if (offset + read_le16(&buffer->space) > data_size) {
+ if (offset + space > data_size) {
 *error = "buffer end out of bounds";
 return 0;
 }
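Review bot: In the first hunk of src/auth/mech-ntlm.c, the added `|| !response_length` sits outside the `!request->ntlm2_negotiated` guard, so an empty NTLM response is routed to the `PASSDB_CREDENTIALS_LANMAN` lookup even after NTLM2 was negotiated and even when NTLM credentials were found. If the fallback is meant only for clients that supply an LM response alone, consider keeping it behind the negotiation check, `if (!request->ntlm2_negotiated && (credentials == NULL || !response_length)) {`, so the peer alone cannot choose the weaker LM verification. Whether that matches the intended protocol handling needs confirming against lm_credentials_callback, which is not visible here. A comment above the condition such as `/* no NTLM response: verify the LM response instead */` would record the intent. The function body starts and ends outside the hunk.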
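Review bot: In ntlmssp_check_buffer (src/lib-ntlm/ntlm-message.c), `length` is now read but only used for the empty-buffer test, while the bounds check still covers `space` alone. A field with `length > space` therefore passes validation, although callers such as the `ntlmssp_buffer_length()` use in mech-ntlm.c presumably size their reads from `length`. Consider rejecting that case before the offset checks: `if (length > space) { *error = "buffer length exceeds space"; return 0; }`. The new early return also accepts any `offset` when both fields are zero, so a short note beside `/* Empty buffer is ok */` that callers must not form a pointer from an empty buffer's offset would help. The function continues past the end of the hunk.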