[PATCH]: Samba4: Bug in ntlm_auth's ntlmssp-client-1 mode

Kai Blin k.blin at gmx.net
Sat Aug 27 01:17:15 GMT 2005


* Kai Blin <k.blin at gmx.net> [23/08/05, 20:16:59]:
> > When running it with ntlm_auth --helper-protocol=ntlmssp-client-1
> > --password=testpass --domain=NOWHERE --username=$USER
> > 
> > If length of $USER % 3 is 0, ntlm_auth v4 returns the same length of
> > base64 blob as v3. This seems to be correct.
> > 
> > If length of $USER % 3 is 1, the response is one character short,
> > resulting in an invalid base64 blob.
> > 
> > If length of $USER % 3 is 2, the response is one character too long,
> > also resulting in an invalid base64 blob.
> > 
> > This behaviour seems to change in offset if the length of the domain
> > name changes.
> 
> Yes, it looks like if $DOMAIN + $USER % 3 == 1 the length of the base64
> blob is ok. 
 
As it was I located the error myself. See the attached patch.

Cheers,
Kai

-- 
Kai Blin, private email
BOFH excuse #13:

we're waiting for [the phone company] to fix that line
-------------- next part --------------
Index: source/lib/ldb/common/ldb_ldif.c
===================================================================
--- source/lib/ldb/common/ldb_ldif.c	(revision 9670)
+++ source/lib/ldb/common/ldb_ldif.c	(working copy)
@@ -155,10 +155,10 @@
 	const char *b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 	int bit_offset, byte_offset, idx, i;
 	const uint8_t *d = (const uint8_t *)buf;
-	int bytes = (len*8 + 5)/6;
+	int bytes = (len*8 + 5)/6, pad_bytes = (bytes % 4) ? 4 - (bytes % 4) : 0;
 	char *out;
 
-	out = talloc_array(mem_ctx, char, bytes+2);
+	out = talloc_array(mem_ctx, char, bytes+pad_bytes+1);
 	if (!out) return NULL;
 
 	for (i=0;i<bytes;i++) {
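Review bot: the combined declaration `int bytes = (len*8 + 5)/6, pad_bytes = ...` hides the padding rule in an initializer that depends on the variable declared just before it. Put `pad_bytes` on its own line with a short comment saying the output is padded to a multiple of 4 characters; the expression can also be written as `(4 - bytes % 4) % 4`. The new allocation size `bytes+pad_bytes+1` does match what the function writes (encoded characters, padding, terminating NUL). Separately, `bytes` is still an `int` derived from `len*8`, so a bound check on `len` before the multiplication is worth adding if large buffers can reach this code.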
@@ -175,7 +175,8 @@
 		out[i] = b64[idx];
 	}
 
-	out[i++] = '=';
+	for (;i<bytes+pad_bytes;i++)
+		out[i] = '=';
 	out[i] = 0;
 
 	return out;
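Review bot: the padding loop `for (;i<bytes+pad_bytes;i++)` relies on `i` being equal to `bytes` when the encoding loop above exits, and it has no braces. Add braces and a one-line comment stating that dependency, so that a later change to the encoding loop does not silently move where the `=` characters and the terminating `out[i] = 0` are written. A regression test that encodes inputs of length 3n, 3n+1 and 3n+2 and checks that the output length is a multiple of 4 would cover the three cases described in the report.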


