X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f3d71ba5d3dc67ec6f9021e1da0d106ccfef080b..master:/src/src/auths/auth-spa.c

diff --git a/src/src/auths/auth-spa.c b/src/src/auths/auth-spa.c
index ec763e5b0..fd3099034 100644
--- a/src/src/auths/auth-spa.c
+++ b/src/src/auths/auth-spa.c
@@ -9,7 +9,8 @@
  * All the original code used here was torn by Marc Prud'hommeaux out of the
  * Samba project (by Andrew Tridgell, Jeremy Allison, and others).
  *
- * Copyright (c) The Exim Maintainers 2021
+ * Copyright (c) The Exim Maintainers 2021 - 2023
+ * SPDX-License-Identifier: GPL-2.0-or-later
 
  * Tom Kistner provided additional code, adding spa_build_auth_challenge() to
  * support server authentication mode.
@@ -1214,7 +1215,9 @@ char versionString[] = "libntlm version 0.21";
 
 #define spa_bytes_add(ptr, header, buf, count) \
 { \
-if (buf && (count) != 0) /* we hate -Wint-in-bool-contex */ \
+if (  buf && (count) != 0	/* we hate -Wint-in-bool-contex */ \
+   && ptr->bufIndex + count < sizeof(ptr->buffer)		\
+   ) \
   { \
   SSVAL(&ptr->header.len,0,count); \
   SSVAL(&ptr->header.maxlen,0,count); \
@@ -1252,15 +1255,10 @@ spa_bytes_add(ptr, header, b, len*2); \
 }
 
 
-#define GetUnicodeString(structPtr, header) \
-unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2)
-#define GetString(structPtr, header) \
-toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0))
-
 #ifdef notdef
 
 #define DumpBuffer(fp, structPtr, header) \
-dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0))
+ dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0))
 
 
 static void
@@ -1324,8 +1322,33 @@ buf[len] = 0;
 return buf;
 }
 
+static inline uschar *
+get_challenge_unistr(SPAAuthChallenge * challenge, SPAStrHeader * hdr)
+{
+int off = IVAL(&hdr->offset, 0);
+int len = SVAL(&hdr->len, 0);
+return off + len < sizeof(SPAAuthChallenge)
+  ? US unicodeToString(CS challenge + off, len/2) : US"";
+}
+
+static inline uschar *
+get_challenge_str(SPAAuthChallenge * challenge, SPAStrHeader * hdr)
+{
+int off = IVAL(&hdr->offset, 0);
+int len = SVAL(&hdr->len, 0);
+return off + len < sizeof(SPAAuthChallenge)
+  ? US toString(CS challenge + off, len) : US"";
+}
+
 #ifdef notdef
 
+#define GetUnicodeString(structPtr, header) \
+ unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2)
+
+#define GetString(structPtr, header) \
+ toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0))
+
+
 void
 dumpSmbNtlmAuthRequest (FILE * fp, SPAAuthRequest * request)
 {
@@ -1495,8 +1518,8 @@ if (p)
   }
 
 else domain = d = string_copy(cf & 0x1
-  ? CUS GetUnicodeString(challenge, uDomain)
-  : CUS GetString(challenge, uDomain));
+  ? CUS get_challenge_unistr(challenge, &challenge->uDomain)
+  : CUS get_challenge_str(challenge, &challenge->uDomain));
 
 spa_smb_encrypt(password, challenge->challengeData, lmRespData);
 spa_smb_nt_encrypt(password, challenge->challengeData, ntRespData);