aboutsummaryrefslogtreecommitdiff
path: root/proxy.c
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-17 05:09:27 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-17 05:09:27 +0000
commite691cd568ab5a0e34924a3b80693af6125209d76 (patch)
tree66ac0db42a44c88fa4efb2ab602681eb14aab719 /proxy.c
parentFixed issue in read_key_file, where the return value of (diff)
downloadopenvpn-e691cd568ab5a0e34924a3b80693af6125209d76.tar.xz
Fixed a potential information leak in the new NTLM phase 3 code,
as well as a failure of the code to check the return value from base64_decode. Fixed compiler warnings in the new NTLM phase 3 code about implicit casting between signed and unsigned char *. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3064 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'proxy.c')
-rw-r--r--proxy.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/proxy.c b/proxy.c
index ade914f..af3ea8b 100644
--- a/proxy.c
+++ b/proxy.c
@@ -476,9 +476,17 @@ establish_http_proxy_passthru (struct http_proxy_info *p,
if (!send_line_crlf (sd, buf))
goto error;
- openvpn_snprintf (buf, sizeof(buf), "Proxy-Authorization: NTLM %s",
- ntlm_phase_3 (p, buf2, &gc));
msg (D_PROXY, "Attempting NTLM Proxy-Authorization phase 3");
+ {
+ const char *np3 = ntlm_phase_3 (p, buf2, &gc);
+ if (!np3)
+ {
+ msg (D_PROXY, "NTLM Proxy-Authorization phase 3 failed: received corrupted data from proxy server");
+ goto error;
+ }
+ openvpn_snprintf (buf, sizeof(buf), "Proxy-Authorization: NTLM %s", np3);
+ }
+
msg (D_PROXY, "Send to HTTP proxy: '%s'", buf);
openvpn_sleep (1);
if (!send_line_crlf (sd, buf))