| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_handler_ntlm.h" | 5 #include "net/http/http_auth_handler_ntlm.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 // For gethostname | 8 // For gethostname |
| 9 #if defined(OS_POSIX) | 9 #if defined(OS_POSIX) |
| 10 #include <unistd.h> | 10 #include <unistd.h> |
| (...skipping 347 matching lines...) |
| 358 if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0) | 358 if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0) |
| 359 return ERR_UNEXPECTED; | 359 return ERR_UNEXPECTED; |
| 360 cursor += sizeof(NTLM_TYPE2_MARKER); | 360 cursor += sizeof(NTLM_TYPE2_MARKER); |
| 361 | 361 |
| 362 // read target name security buffer | 362 // read target name security buffer |
| 363 uint32_t target_len = ReadUint16(cursor); | 363 uint32_t target_len = ReadUint16(cursor); |
| 364 ReadUint16(cursor); // discard next 16-bit value | 364 ReadUint16(cursor); // discard next 16-bit value |
| 365 uint32_t offset = ReadUint32(cursor); // get offset from in_buf | 365 uint32_t offset = ReadUint32(cursor); // get offset from in_buf |
| 366 msg->target_len = 0; | 366 msg->target_len = 0; |
| 367 msg->target = NULL; | 367 msg->target = NULL; |
| 368 // Check the offset / length combo is in range of the input buffer, including | 368 |
| 369 // integer overflow checking. | 369 // Target length 0 is valid and indicates no target information. |
| 370 if (offset + target_len > offset && offset + target_len <= in_len) { | 370 if (target_len != 0) { |
| 371 msg->target_len = target_len; | 371 // Check the offset / length combo is in range of the input buffer, |
| 372 msg->target = ((const uint8_t*)in_buf) + offset; | 372 // including integer overflow checking. |
| 373 if (offset + target_len > offset && offset + target_len <= in_len) { |
| 374 msg->target_len = target_len; |
| 375 msg->target = ((const uint8_t*)in_buf) + offset; |
| 376 } else { |
| 377 // Reject a message with a non-zero target length that |
| 378 // would cause an overflow. |
| 379 return ERR_UNEXPECTED; |
| 380 } |
| 373 } | 381 } |
| 374 | 382 |
| 375 // read flags | 383 // read flags |
| 376 msg->flags = ReadUint32(cursor); | 384 msg->flags = ReadUint32(cursor); |
| 377 | 385 |
| 378 // read challenge | 386 // read challenge |
| 379 memcpy(msg->challenge, cursor, sizeof(msg->challenge)); | 387 memcpy(msg->challenge, cursor, sizeof(msg->challenge)); |
| 380 cursor += sizeof(msg->challenge); | 388 cursor += sizeof(msg->challenge); |
| 381 | 389 |
| 382 NTLM_LOG(("NTLM type 2 message:\n")); | 390 NTLM_LOG(("NTLM type 2 message:\n")); |
| (...skipping 279 matching lines...) |
| 662 // of NTLM. | 670 // of NTLM. |
| 663 std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM); | 671 std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM); |
| 664 if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin, | 672 if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin, |
| 665 net_log)) | 673 net_log)) |
| 666 return ERR_INVALID_RESPONSE; | 674 return ERR_INVALID_RESPONSE; |
| 667 handler->swap(tmp_handler); | 675 handler->swap(tmp_handler); |
| 668 return OK; | 676 return OK; |
| 669 } | 677 } |
| 670 | 678 |
| 671 } // namespace net | 679 } // namespace net |
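Review bot: The comment in the new else branch (new lines 377-378) says the message is rejected because it "would cause an overflow", but that branch also catches the ordinary case where `offset + target_len` does not wrap and simply runs past `in_len`; a comment such as `// Reject a non-zero target whose offset/length range lies outside the input buffer.` would cover both. The range test at new line 373 would read more directly, and would not lean on unsigned wraparound, in subtraction form: `if (offset <= in_len && target_len <= in_len - offset) {`. The declaration of `in_len` and the start of this parsing function are in the skipped lines, so this assumes `in_len` is an unsigned byte count for `in_buf`; those skipped lines would also need to hold the minimum-length check that the later `ReadUint32(cursor)` and `memcpy(msg->challenge, ...)` reads depend on. A unit test that feeds a type 2 message with a non-zero target length and an out-of-range offset would pin the new `ERR_UNEXPECTED` path.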
| OLD | NEW |