diff options
| author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-17 05:09:27 +0000 |
|---|---|---|
| committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-17 05:09:27 +0000 |
| commit | e691cd568ab5a0e34924a3b80693af6125209d76 (patch) | |
| tree | 66ac0db42a44c88fa4efb2ab602681eb14aab719 /proxy.c | |
| parent | Fixed issue in read_key_file, where the return value of (diff) | |
| download | openvpn-e691cd568ab5a0e34924a3b80693af6125209d76.tar.xz | |
Fixed a potential information leak in the new NTLM phase 3 code,
as well as a failure of the code to check the return value from
base64_decode.
Fixed compiler warnings in the new NTLM phase 3 code about implicit
casting between signed and unsigned char *.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3064 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
| -rw-r--r-- | proxy.c | 12 |
1 files changed, 10 insertions, 2 deletions
@@ -476,9 +476,17 @@ establish_http_proxy_passthru (struct http_proxy_info *p, if (!send_line_crlf (sd, buf)) goto error; - openvpn_snprintf (buf, sizeof(buf), "Proxy-Authorization: NTLM %s", - ntlm_phase_3 (p, buf2, &gc)); msg (D_PROXY, "Attempting NTLM Proxy-Authorization phase 3"); + { + const char *np3 = ntlm_phase_3 (p, buf2, &gc); + if (!np3) + { + msg (D_PROXY, "NTLM Proxy-Authorization phase 3 failed: received corrupted data from proxy server"); + goto error; + } + openvpn_snprintf (buf, sizeof(buf), "Proxy-Authorization: NTLM %s", np3); + } + msg (D_PROXY, "Send to HTTP proxy: '%s'", buf); openvpn_sleep (1); if (!send_line_crlf (sd, buf)) |