diff options
author | Simo Sorce <simo@redhat.com> | 2015-03-19 20:22:49 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-03-19 20:22:49 -0400 |
commit | 64d1db926674fcc0ebda6e2d06238a19ea695206 (patch) | |
tree | 8b64c3e50eb870d835bcb5a349d220b315682d55 | |
parent | 8c664f7e8523e8fb8136c1912d9f86b901558155 (diff) | |
download | gss-ntlmssp-64d1db926674fcc0ebda6e2d06238a19ea695206.tar.gz gss-ntlmssp-64d1db926674fcc0ebda6e2d06238a19ea695206.tar.xz gss-ntlmssp-64d1db926674fcc0ebda6e2d06238a19ea695206.zip |
Fix length check of nt_responsefix32bit
An array passed as a function argument is just a cosmetic ay to pass just a
pointer. Therefore sizeof(array) will only return the pointer length, not
the array length, and on 32 bit pointers are 4 bytes long.
Fix payload calculation by passing in the known correct length instead of using
fancy sizeofs ...
-rw-r--r-- | src/ntlm_crypto.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c index c07f6cd..13e886e 100644 --- a/src/ntlm_crypto.c +++ b/src/ntlm_crypto.c @@ -646,9 +646,7 @@ int ntlmv2_verify_nt_response(struct ntlm_buffer *nt_response, nt_resp = (union wire_ntlm_response *)nt_response->data; - payload.length = nt_response->length - - sizeof(nt_resp->v2.resp) - + sizeof(server_chal); + payload.length = nt_response->length - sizeof(nt_resp->v2.resp) + 8; payload.data = malloc(payload.length); if (!payload.data) return ENOMEM; memcpy(payload.data, server_chal, 8); |