| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_handler_ntlm.h" | 5 #include "net/http/http_auth_handler_ntlm.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 // For gethostname | 8 // For gethostname |
| 9 #if defined(OS_POSIX) | 9 #if defined(OS_POSIX) |
| 10 #include <unistd.h> | 10 #include <unistd.h> |
| 11 #elif defined(OS_WIN) | 11 #elif defined(OS_WIN) |
| 12 #include <winsock2.h> | 12 #include <winsock2.h> |
| 13 #endif | 13 #endif |
| 14 | 14 |
| 15 #include "base/md5.h" | 15 #include "base/md5.h" |
| 16 #include "base/rand_util.h" | 16 #include "base/rand_util.h" |
| 17 #include "base/strings/string_util.h" | 17 #include "base/strings/string_util.h" |
| 18 #include "base/strings/sys_string_conversions.h" | 18 #include "base/strings/sys_string_conversions.h" |
| 19 #include "base/strings/utf_string_conversions.h" | 19 #include "base/strings/utf_string_conversions.h" |
| 20 #include "net/base/net_errors.h" | 20 #include "net/base/net_errors.h" |
| 21 #include "net/base/network_interfaces.h" | 21 #include "net/base/network_interfaces.h" |
| 22 #include "net/http/des.h" | 22 #include "net/ntlm/des.h" |
| 23 #include "net/http/md4.h" | 23 #include "net/ntlm/md4.h" |
| 24 | 24 |
| 25 namespace net { | 25 namespace net { |
| 26 | 26 |
| 27 // Based on mozilla/security/manager/ssl/src/nsNTLMAuthModule.cpp, | 27 // Based on mozilla/security/manager/ssl/src/nsNTLMAuthModule.cpp, |
| 28 // CVS rev. 1.14. | 28 // CVS rev. 1.14. |
| 29 // | 29 // |
| 30 // TODO(wtc): | 30 // TODO(wtc): |
| 31 // - The IS_BIG_ENDIAN code is not tested. | 31 // - The IS_BIG_ENDIAN code is not tested. |
| 32 // - Enable the logging code or just delete it. | 32 // - Enable the logging code or just delete it. |
| 33 // - Delete or comment out the LM code, which hasn't been tested and isn't | 33 // - Delete or comment out the LM code, which hasn't been tested and isn't |
| 356 if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0) | 356 if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0) |
| 357 return ERR_UNEXPECTED; | 357 return ERR_UNEXPECTED; |
| 358 cursor += sizeof(NTLM_TYPE2_MARKER); | 358 cursor += sizeof(NTLM_TYPE2_MARKER); |
| 359 | 359 |
| 360 // read target name security buffer | 360 // read target name security buffer |
| 361 uint32_t target_len = ReadUint16(cursor); | 361 uint32_t target_len = ReadUint16(cursor); |
| 362 ReadUint16(cursor); // discard next 16-bit value | 362 ReadUint16(cursor); // discard next 16-bit value |
| 363 uint32_t offset = ReadUint32(cursor); // get offset from in_buf | 363 uint32_t offset = ReadUint32(cursor); // get offset from in_buf |
| 364 msg->target_len = 0; | 364 msg->target_len = 0; |
| 365 msg->target = NULL; | 365 msg->target = NULL; |
| 366 // Check the offset / length combo is in range of the input buffer, including | 366 |
| 367 // integer overflow checking. | 367 // Target length 0 is valid and indicates no target information. |
| 368 if (offset + target_len > offset && offset + target_len <= in_len) { | 368 if (target_len != 0) { |
| 369 msg->target_len = target_len; | 369 // Check the offset / length combo is in range of the input buffer, |
| 370 msg->target = ((const uint8_t*)in_buf) + offset; | 370 // including integer overflow checking. |
| 371 if (offset + target_len > offset && offset + target_len <= in_len) { | |
|
Ryan Sleevi
2017/07/12 17:56:38
if (target_len <= in_len && in_len - offset >= tar
asanka
2017/07/13 17:26:13
Ping
zentaro
2017/07/13 17:36:20
Sorry. I didn't see this one.
Changed it. Though
| |
| 372 msg->target_len = target_len; | |
| 373 msg->target = ((const uint8_t*)in_buf) + offset; | |
| 374 } else { | |
| 375 // Reject a message with a non-zero target length that | |
| 376 // would cause an overflow. | |
| 377 return ERR_UNEXPECTED; | |
| 378 } | |
| 371 } | 379 } |
| 372 | 380 |
| 373 // read flags | 381 // read flags |
| 374 msg->flags = ReadUint32(cursor); | 382 msg->flags = ReadUint32(cursor); |
| 375 | 383 |
| 376 // read challenge | 384 // read challenge |
| 377 memcpy(msg->challenge, cursor, sizeof(msg->challenge)); | 385 memcpy(msg->challenge, cursor, sizeof(msg->challenge)); |
| 378 cursor += sizeof(msg->challenge); | 386 cursor += sizeof(msg->challenge); |
| 379 | 387 |
| 380 NTLM_LOG(("NTLM type 2 message:\n")); | 388 NTLM_LOG(("NTLM type 2 message:\n")); |
| 658 // of NTLM. | 666 // of NTLM. |
| 659 std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM); | 667 std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM); |
| 660 if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin, | 668 if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin, |
| 661 net_log)) | 669 net_log)) |
| 662 return ERR_INVALID_RESPONSE; | 670 return ERR_INVALID_RESPONSE; |
| 663 handler->swap(tmp_handler); | 671 handler->swap(tmp_handler); |
| 664 return OK; | 672 return OK; |
| 665 } | 673 } |
| 666 | 674 |
| 667 } // namespace net | 675 } // namespace net |
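Review bot: The comment on new lines 375–376 undersells what the `else` branch rejects: it is also taken when `offset + target_len` exceeds `in_len` without wrapping, i.e. a target security buffer that points past the end of the message, so I would reword it to `// Reject a non-zero target whose offset/length wraps around or runs past the end of in_buf.` The wrap check on line 371 is sound only because `offset` and `target_len` are both uint32_t (lines 361 and 363) so the sum is computed in 32-bit unsigned arithmetic; a one-line comment saying so would stop a later widening of either variable to size_t from silently disabling the guard. The cast on line 373, `((const uint8_t*)in_buf) + offset`, is carried over from the old code but now sits in rewritten lines and could become `static_cast<const uint8_t*>(in_buf) + offset` if in_buf is `const void*` (its declaration is above the visible lines). Whether the fixed-size fields read after the marker (the security buffer, the flags and the 8-byte challenge) are covered by an earlier length check against in_len cannot be seen in this excerpt; the enclosing function starts before line 356 and is cut off here.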