Potential issues in libntlm 1.2

libntlm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Potential issues in libntlm 1.2

From:	Olivier Lau
Subject:	Potential issues in libntlm 1.2
Date:	Thu, 22 Apr 2010 09:19:17 +0000 (GMT)

Hi,

I have noticed the following potential issues in libntlm 1.2:

- definition of tSmbNtlmAuthRequest in ntlm.h: the fields user and domain are 
inverted. According to the spec (http://davenport.sourceforge.net/ntlm.html), 
domain should be first. Also, "user" should actually be named "workstation" or 
"host".

- buildSmbNtlmAuthResponse_userlen() function (in smbutil.c): about the last 
line of the function:

response->flags = challenge->flags;

I believe the response to challenge should not mirror flags sent from the 
server, as the client does not necessarilly have the same capabilities as the 
server.

Olivier.

[Prev in Thread]

Current Thread

[Next in Thread]

Potential issues in libntlm 1.2, Olivier Lau <=
- Re: Potential issues in libntlm 1.2, Simon Josefsson, 2010/04/22

Prev by Date: Take a look at my photos on Facebook
Next by Date: Re: Potential issues in libntlm 1.2
Previous by thread: Take a look at my photos on Facebook
Next by thread: Re: Potential issues in libntlm 1.2
Index(es):
- Date
- Thread