OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_auth_handler_ntlm.h" | 5 #include "net/http/http_auth_handler_ntlm.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 // For gethostname | 8 // For gethostname |
9 #if defined(OS_POSIX) | 9 #if defined(OS_POSIX) |
10 #include <unistd.h> | 10 #include <unistd.h> |
(...skipping 392 matching lines...)
403 if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0) | 403 if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0) |
404 return ERR_UNEXPECTED; | 404 return ERR_UNEXPECTED; |
405 cursor += sizeof(NTLM_TYPE2_MARKER); | 405 cursor += sizeof(NTLM_TYPE2_MARKER); |
406 | 406 |
407 // read target name security buffer | 407 // read target name security buffer |
408 uint32_t target_len = ReadUint16(cursor); | 408 uint32_t target_len = ReadUint16(cursor); |
409 ReadUint16(cursor); // discard next 16-bit value | 409 ReadUint16(cursor); // discard next 16-bit value |
410 uint32_t offset = ReadUint32(cursor); // get offset from in_buf | 410 uint32_t offset = ReadUint32(cursor); // get offset from in_buf |
411 msg->target_len = 0; | 411 msg->target_len = 0; |
412 msg->target = NULL; | 412 msg->target = NULL; |
413 // Check the offset / length combo is in range of the input buffer, including | 413 |
414 // integer overflow checking. | 414 // Target length 0 is valid and indicates no target information. |
415 if (offset + target_len > offset && offset + target_len <= in_len) { | 415 if (target_len != 0) { |
416 msg->target_len = target_len; | 416 // Check the offset / length combo is in range of the input buffer, |
417 msg->target = ((const uint8_t*)in_buf) + offset; | 417 // including integer overflow checking. |
| 418 if (offset + target_len > offset && offset + target_len <= in_len) { |
| 419 msg->target_len = target_len; |
| 420 msg->target = ((const uint8_t*)in_buf) + offset; |
| 421 } else { |
| 422 // Reject a message with a non-zero target length that |
| 423 // would cause an overflow. |
| 424 return ERR_UNEXPECTED; |
| 425 } |
418 } | 426 } |
419 | 427 |
420 // read flags | 428 // read flags |
421 msg->flags = ReadUint32(cursor); | 429 msg->flags = ReadUint32(cursor); |
422 | 430 |
423 // read challenge | 431 // read challenge |
424 memcpy(msg->challenge, cursor, sizeof(msg->challenge)); | 432 memcpy(msg->challenge, cursor, sizeof(msg->challenge)); |
425 cursor += sizeof(msg->challenge); | 433 cursor += sizeof(msg->challenge); |
426 | 434 |
427 NTLM_LOG(("NTLM type 2 message:\n")); | 435 NTLM_LOG(("NTLM type 2 message:\n")); |
(...skipping 300 matching lines...)
728 // of NTLM. | 736 // of NTLM. |
729 std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM); | 737 std::unique_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM); |
730 if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin, | 738 if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin, |
731 net_log)) | 739 net_log)) |
732 return ERR_INVALID_RESPONSE; | 740 return ERR_INVALID_RESPONSE; |
733 handler->swap(tmp_handler); | 741 handler->swap(tmp_handler); |
734 return OK; | 742 return OK; |
735 } | 743 } |
736 | 744 |
737 } // namespace net | 745 } // namespace net |
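Review bot: The comment on the new `else` branch (new lines 422-423) says the message is rejected because it "would cause an overflow", but the paired condition also fails when `offset + target_len` exceeds `in_len` without wrapping, so the comment understates what is rejected; `// Reject a non-zero target buffer that wraps or extends past the end of the input.` would match the check. The wrap test `offset + target_len > offset` on new line 418 is sound only because both operands are `uint32_t`, which is worth stating next to it so a later type change does not turn it into undefined signed overflow. The declaration of `in_len` and any minimum-length check guarding the fixed-size `ReadUint16`/`ReadUint32`/`memcpy` reads are in the skipped lines, so they cannot be confirmed from here; the enclosing function starts and ends outside the visible lines. A unit test feeding a type 2 message with a non-zero target length and an out-of-range offset would pin the new `ERR_UNEXPECTED` path.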