From 3fbc7cd331602c76f882d1b507cd05c1d824ba8b Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Mon, 13 Aug 2012 20:48:12 +0200 Subject: Fix crash: Handle invalid base64 in NTLM challenge. Some servers, for instance the MS Exchange servers deployed by the US-American National Aeronautics and Space Administration (NASA), aborted the NTLM protocol exchange after receiving the initial request. Fetchmail did not detect that there was an error message, rather than NTLM protocol exchange, and caught a segmentation fault while reading from a bad location. Detect base64 decoding errors, and return PS_AUTHFAIL in this case. Reported by J[ames] Porter Clark. --- ntlmsubr.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'ntlmsubr.c') diff --git a/ntlmsubr.c b/ntlmsubr.c index f9d27330..9321d26e 100644 --- a/ntlmsubr.c +++ b/ntlmsubr.c @@ -55,7 +55,14 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto) if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) goto cancelfail; - (void)from64tobits (&challenge, msgbuf, sizeof(challenge)); + if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0) + { + report (stderr, GT_("could not decode BASE64 challenge\n")); + /* We do not goto cancelfail; the server has already sent the + * tagged reply, so the protocol exchange has ended, no need + * for us to send the asterisk. */ + return PS_AUTHFAIL; + } if (outlevel >= O_DEBUG) dumpSmbNtlmAuthChallenge(stdout, &challenge); -- cgit v1.2.3
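Review bot: the new check on `from64tobits (&challenge, msgbuf, sizeof(challenge))` only rejects a negative return, so a server reply that happens to decode cleanly but yields fewer bytes than a challenge message needs still falls through to `dumpSmbNtlmAuthChallenge(stdout, &challenge)` and the rest of `ntlm_helper` with a partly filled `challenge`. The decoded byte count is now available in `result`, so consider also comparing it against the minimum size of the challenge structure, clearing `challenge` before decoding, and returning PS_AUTHFAIL for a short decode as well. Separately, on success `result` now holds the return value of `from64tobits` rather than the 0 left by `gen_recv`, so any later path in this function that returns `result` without reassigning it should be checked.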