[Dovecot] Concerned about Dovecot's new NTLM code
Timo Sirainen
tss at iki.fi
Mon Sep 27 16:30:20 EEST 2004
On 27.9.2004, at 16:01, Andrew Bartlett wrote:
>>> and in particular the Dovecot code seemed
>>> to perform some of the conversions by cast.
>>
>> Where? To me it looks like it uses marshaling/unmarshaling everywhere.
>
> mech-ntlm.c:mech_ntlm_auth_continue()
>
> const struct ntlmssp_request *request =
> (struct ntlmssp_request *)data;
Ah, now I understand how that code really works :) Yes, it relies on
compiler using specific alignmenting which isn't very good idea.
ntlmssp_check_request() should rather be replaced with something like:
static inline uint64_t read_le64(const void **input, uint64_t *output)
{
*output = *((uint64_t *) *input);
*input += sizeof(uint64_t);
return *output;
}
int ntlm_parse_response(struct ntlmssp_response *response, const void
*data, size_t data_size, const char **error_r) {
memset(response, 0, sizeof(*response));
..
if (read_le64(&data, &response->magic) != NTLMSSP_MAGIC) {
..
if (read_le32(&data, &response->type) != NTLMSSP_MSG_TYPE3) {
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20040927/393c0dc5/attachment-0001.bin>
More information about the dovecot
mailing list