[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Potential issues in libntlm 1.2
From: |
Olivier Lau |
Subject: |
Potential issues in libntlm 1.2 |
Date: |
Thu, 22 Apr 2010 09:19:17 +0000 (GMT) |
Hi,
I have noticed the following potential issues in libntlm 1.2:
- definition of tSmbNtlmAuthRequest in ntlm.h: the fields user and domain are
inverted. According to the spec (http://davenport.sourceforge.net/ntlm.html),
domain should be first. Also, "user" should actually be named "workstation" or
"host".
- buildSmbNtlmAuthResponse_userlen() function (in smbutil.c): about the last
line of the function:
response->flags = challenge->flags;
I believe the response to challenge should not mirror flags sent from the
server, as the client does not necessarilly have the same capabilities as the
server.
Olivier.
- Potential issues in libntlm 1.2,
Olivier Lau <=