Re: NTLM - compile warning, may be a bug

From: Andrew Bartlett <abartlet@dont-contact.us>
Date: Sun, 10 Mar 2002 22:49:47 +1100

Robert Collins wrote:
>
> > -----Original Message-----
> > From: Guido Serassio [mailto:serassio@libero.it]
> > Sent: Sunday, March 10, 2002 10:12 PM
> > To: squid-dev@squid-cache.org
> > Subject: NTLM - compile warning, may be a bug
> >
> >
> > Hi,
> >
> > Compiling 2.5 with the Compaq CCC on my Alpha Linux, I get the following
> > suspect warning in the src\auth\ntlm\helpers\NTLMSSP\libntlmssp.c file:
> >
> > cc: Info: libntlmssp.c, line 242: In this statement, an array is being
> > accessed outside the bounds specified for the array type. (subscrbounds)
> > pass[25] = '\0';
> > ---------^
> >
> > But at line 200 pass[] is declared:
> >
> > char pass[25] /*, encrypted_pass[40] */;
> >
> > So, I think that this can be wrong.
>
> It's not pretty, but IIRC the next field is already grabbed or used. The
> fields in the transmitted structure are not STRZ fields, but fixed length
> arrays - so this is correct.

But at the C level who is to say that the compiler won't start putting
padding everywhere? If you really want to decode NTLMSSP I suggest you
have a look at how this is done in Samba HEAD. Tridge wrote a trivial
MSRPC encoder/decoder that we use for this task.
(source/smbd/sesssetup.c)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
Received on Sun Mar 10 2002 - 04:49:35 MST
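
Added example, not part of the thread and not Squid or Samba code: one way to pull a fixed-length, unterminated field out of a received buffer without writing past the destination array or relying on struct layout. The 25-byte width comes from the declaration quoted above; the message bytes, `copy_fixed_field` and `demo` are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PASS_FIELD_LEN 25   /* width taken from the declaration quoted above */

/*
 * Copy a fixed-length, non-NUL-terminated field out of a received buffer
 * by explicit offset, so nothing depends on struct layout or padding.
 * dst must hold field_len + 1 bytes. Returns 0 on success, -1 if the
 * field would run past the message or dst is too small.
 */
int copy_fixed_field(char *dst, size_t dst_size,
                     const unsigned char *msg, size_t msg_len,
                     size_t off, size_t field_len)
{
    if (dst == NULL || msg == NULL)
        return -1;
    if (off > msg_len || field_len > msg_len - off)
        return -1;                    /* field not fully inside the message */
    if (field_len >= dst_size)
        return -1;                    /* no room for the terminator */
    memcpy(dst, msg + off, field_len);
    dst[field_len] = '\0';            /* last valid index, inside dst */
    return 0;
}

/* Constructed sample: a 25-byte field filled to its full width,
 * followed directly by the next field, with no NUL between them. */
int demo(char *out, size_t out_size)
{
    unsigned char msg[PASS_FIELD_LEN + 4];
    memset(msg, 'A', PASS_FIELD_LEN);
    memcpy(msg + PASS_FIELD_LEN, "NEXT", 4);
    return copy_fixed_field(out, out_size, msg, sizeof msg, 0, PASS_FIELD_LEN);
}

int main(void)
{
    char pass[PASS_FIELD_LEN + 1];    /* one extra byte for '\0' */
    char small[PASS_FIELD_LEN];       /* the size declared in the thread */
    printf("sized +1: %d\n", demo(pass, sizeof pass));
    printf("sized 25: %d\n", demo(small, sizeof small));
    return 0;
}
```

With a destination of exactly 25 bytes the helper refuses the copy instead of storing the terminator at index 25.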
