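--- a/trunk/epan/dissectors/packet-ntlmssp.c
+++ b/trunk/epan/dissectors/packet-ntlmssp.c
@@ -517,9 +517,13 @@
 guint8 *sessionkey , const guint8 *encryptedsessionkey , int flags ,
 const ntlmssp_blob *ntlm_response, const ntlmssp_blob *lm_response _U_, ntlmssp_header_t *ntlmssph)
 {
- char domain_name_unicode[256];
- char user_uppercase[256];
- char buf[512];
+/* static const would be nicer, but -Werror=vla does not like it */
+#define DOMAIN_NAME_BUF_SIZE 512
+#define USER_BUF_SIZE 256
+#define BUF_SIZE (DOMAIN_NAME_BUF_SIZE + USER_BUF_SIZE)
+ char domain_name_unicode[DOMAIN_NAME_BUF_SIZE];
+ char user_uppercase[USER_BUF_SIZE];
+ char buf[BUF_SIZE];
 /*guint8 md4[NTLMSSP_KEY_LEN];*/
 unsigned char nt_password_hash[NTLMSSP_KEY_LEN];
 unsigned char nt_proof[NTLMSSP_KEY_LEN];
@@ -544,10 +544,10 @@
 nb_pass = get_md4pass_list(&pass_list, nt_password);
 #endif
 i = 0;
- memset(user_uppercase, 0, 256);
+ memset(user_uppercase, 0, USER_BUF_SIZE);
 user_len = strlen(ntlmssph->acct_name);
- if (user_len < 129) {
- memset(buf, 0, 512);
+ if (user_len < USER_BUF_SIZE / 2) {
+ memset(buf, 0, BUF_SIZE);
 str_to_unicode(ntlmssph->acct_name, buf);
 for (j = 0; j < (2*user_len); j++) {
 if (buf[j] != '\0') {
@@ -560,7 +540,7 @@
 return;
 }
 domain_len = strlen(ntlmssph->domain_name);
- if (domain_len < 129) {
+ if (domain_len < DOMAIN_NAME_BUF_SIZE / 2) {
 str_to_unicode(ntlmssph->domain_name, domain_name_unicode);
 }
 else {
@@ -575,14 +579,14 @@
 printnbyte(nt_password_hash, NTLMSSP_KEY_LEN, "Current NT password hash: ", "\n");
 i++;
 /* ntowf computation */
- memset(buf, 0, 512);
+ memset(buf, 0, BUF_SIZE);
 memcpy(buf, user_uppercase, user_len*2);
 memcpy(buf+user_len*2, domain_name_unicode, domain_len*2);
 md5_hmac(buf, domain_len*2+user_len*2, nt_password_hash, NTLMSSP_KEY_LEN, ntowf);
 printnbyte(ntowf, NTLMSSP_KEY_LEN, "NTOWF: ", "\n");
 
 /* LM response */
- memset(buf, 0, 512);
+ memset(buf, 0, BUF_SIZE);
 memcpy(buf, serverchallenge, 8);
 memcpy(buf+8, clientchallenge, 8);
 md5_hmac(buf, NTLMSSP_KEY_LEN, ntowf, NTLMSSP_KEY_LEN, lm_challenge_response);
@@ -590,9 +594,9 @@
 printnbyte(lm_challenge_response, 24, "LM Response: ", "\n");
 
 /* NT proof = First NTLMSSP_KEY_LEN bytes of NT response */
- memset(buf, 0, 512);
+ memset(buf, 0, BUF_SIZE);
 memcpy(buf, serverchallenge, 8);
- memcpy(buf+8, ntlm_response->contents+NTLMSSP_KEY_LEN, ntlm_response->length-NTLMSSP_KEY_LEN);
+ memcpy(buf+8, ntlm_response->contents+NTLMSSP_KEY_LEN, MIN(BUF_SIZE - 8, ntlm_response->length-NTLMSSP_KEY_LEN));
 md5_hmac(buf, ntlm_response->length-8, ntowf, NTLMSSP_KEY_LEN, nt_proof);
 printnbyte(nt_proof, NTLMSSP_KEY_LEN, "NT proof: ", "\n");
 if (!memcmp(nt_proof, ntlm_response->contents, NTLMSSP_KEY_LEN)) {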
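Review bot: The clamp added to `memcpy(buf+8, ntlm_response->contents+NTLMSSP_KEY_LEN, MIN(BUF_SIZE - 8, ...))` does not protect the `md5_hmac(buf, ntlm_response->length-8, ...)` call on the next line, which still hashes `length-8` bytes of `buf` (BUF_SIZE = 768 bytes) and so reads past the end of the stack buffer exactly in the case where MIN has clamped the copy. If `ntlm_response->length` is an unsigned type (its declaration is not in this diff) and is smaller than NTLMSSP_KEY_LEN, `length-NTLMSSP_KEY_LEN` wraps, MIN then selects `BUF_SIZE - 8`, and the copy becomes an over-read of `contents` instead. Rejecting out-of-range responses before the copy covers both cases and makes the MIN unnecessary: `if (ntlm_response->length < NTLMSSP_KEY_LEN || ntlm_response->length - NTLMSSP_KEY_LEN > BUF_SIZE - 8) return;`. The enclosing function starts and ends outside this hunk, so the bare `return;` (matching the one in the third hunk, which suggests a void function) should be checked against the cleanup the surrounding code does on the other early-exit paths.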