[Dovecot] [PATCH 0/10] NTLM patchset submission

[Timo Sirainen]

On 27.7.2004, at 16:18, Andrey Panin wrote:

> It contains common code in src/lib-ntlm directory, Samba compatible
> NTLM password scheme and authentication mechanism itself.

So now Dovecot has md4, md5, sha1 and des code. Maybe there should be a 
lib-crypto or something similiar for those.. Or anyway md4 and des 
would be better in lib/ than lib-ntlm/.

> Please take a look.

HMAC-MD5 code looks quite similiar to 
src/auth/password-scheme-cram-md5.c. Could they be merged somehow?

You use "char var[0]" in end of some structures. I've tried to avoid 
them so far everywhere since C89 doesn't support it. But I guess it's 
common enough feature that it could be allowed the way C99 supports it, 
var[].

+	int len = strlen(passwd);
+	ucs2le_t wpwd[len + 1];

Another C99ism.. Are there enough C99 compilers that it'd be good idea 
to require it? gcc of course works, but how about others?

+ntlmssp_v1_response(const unsigned char *hash,
..
+	memset(des_hash + NTLMSSP_HASH_SIZE, 0, sizeof(hash) - 
NTLMSSP_HASH_SIZE);

sizeof(des_hash)

+#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)

offsetof() is ansi-c and defined in stddef.h

+const char * __ntlmssp_t_str(void *message, struct ntlmssp_buffer 
*buffer)
..
+	str_append_c(str, '\0');
+
+	return str_c(str);

str_c() nul-terminates the returned string so str_append_c() isn't 
needed there.

+static int ntlmssp_check_buffer(struct ntlmssp_buffer *buffer, size_t 
data_size, const char **error)
+{
+	uint32_t offset = read_le32(&buffer->offset);
+
+	if (offset <= data_size) {
+		*error = "buffer offset out of bounds";
+		return 0;
+	}

offset >= data_size I'd think?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20040728/88f9b49c/attachment-0001.bin>