Bug in mod_ntlm_winbind with samba 2.2.5
Georg.Weber at infineon.com
Mon Jan 20 13:55:00 GMT 2003
I have downloaded mod_ntlm_winbind "somewhere" from the samba-site.
Seems that it is not maintained (any more).
Does anyone know of an alternative module for mod_ntlm_winbind that works?
If not, I'd like to maintain this module (What do I have to do?)
However, I found a bug in the ntlmssp.c file, line 150 (or 224, see
explanation)

148:     unsigned o = little_endian_word(off);
149:     unsigned l = little_endian_word(len) / 2; /* Unicode! */
150:     if (l > max)
151:         return -1;
152:     if (o >= srclen)
153:         return -1;
154:     if (o + l > srclen)
155:         return -1;

The function [ntlm_msg3_getusername] (line 219) calls the function
[ntlm_extract_unicode] with the max-parameter assigned to MAX_USERLEN.
MAX_USERLEN has the value 21 (20 characters for username).
The problem is that the username is in Unicode, so line 150 should be
something like the following (?):

149:     unsigned l = little_endian_word(len) / 2; /* Unicode! */
150:     if (l > max*2)
151:         return -1;

regards,
________________________________________________________________________________
Georg Weber
Senior Engineer - Software Development Infineon Technologies
IFDA IT RD Microelectronic Design Centers
phone: +43 4242 305-6065 Austria GmbH
fax: +43 4242 3020-6065 Siemensstr. 2, 9500 Villach,
Austria
mailto: Georg.Weber at infineon.com http://www.infineon.com/ezmvi
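
Added example, not part of the original post and not code from mod_ntlm_winbind: a bounds check for a UTF-16LE field that keeps the wire length in bytes and the limit in characters, so each comparison uses a single unit. The function names, the constructed input layout and the ASCII-only policy are assumptions; MAX_USERLEN uses the value quoted in the post.

```c
#include <stdio.h>
#include <string.h>
#define MAX_USERLEN 21  /* value quoted in the post: 20 characters plus NUL */
static char last_name[MAX_USERLEN];  /* result of the latest check_sample() */
/* Hypothetical helper: decode a little-endian 16-bit word. */
static unsigned le16(const unsigned char *p) { return p[0] | (p[1] << 8); }

/* Copy a UTF-16LE field out of src as single-byte characters. nbytes is the
 * wire length in bytes; max_chars counts characters including the NUL.
 * Returns the character count, or -1 if the field is rejected. */
static int extract_checked(const unsigned char *src, size_t srclen,
                           unsigned nbytes, unsigned off,
                           char *dst, size_t max_chars)
{
    size_t nchars = nbytes / 2;
    if (nbytes % 2 != 0)
        return -1;                    /* not whole UTF-16 code units */
    if (max_chars == 0 || nchars > max_chars - 1)
        return -1;                    /* limit compared in characters */
    if (off > srclen || nbytes > srclen - off)
        return -1;                    /* range compared in bytes, no wraparound */
    for (size_t i = 0; i < nchars; i++) {
        unsigned cu = le16(src + off + 2 * i);
        if (cu == 0 || cu > 0x7f)
            return -1;                /* assumption: ASCII-only user names */
        dst[i] = (char)cu;
    }
    dst[nchars] = '\0';
    return (int)nchars;
}

/* Constructed input, not a real NTLM message: [len16][off16][UTF-16LE name].
 * cut (0..4) drops bytes from the end to simulate a truncated message. */
static int check_sample(const char *name, size_t cut)
{
    unsigned char buf[4 + 2 * 64] = {0};
    size_t n = strlen(name) > 64 ? 64 : strlen(name);
    buf[0] = (unsigned char)(2 * n);  /* length in bytes */
    buf[2] = 4;                       /* offset of the name */
    for (size_t i = 0; i < n; i++)
        buf[4 + 2 * i] = (unsigned char)name[i];
    return extract_checked(buf, 4 + 2 * n - cut, le16(buf), le16(buf + 2),
                           last_name, MAX_USERLEN);
}

int main(void)
{
    printf("%d %d\n", check_sample("gweber", 0), check_sample("gweber", 2));
    return 0;
}
```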