X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/d7978c0f8af20ff4c3f770589b1bb81568aecff3..1d28cc061677bd07d9bed48dd84bd5c590247043:/src/src/auths/auth-spa.c diff --git a/src/src/auths/auth-spa.c b/src/src/auths/auth-spa.c index b396e3892..bcf88c84d 100644 --- a/src/src/auths/auth-spa.c +++ b/src/src/auths/auth-spa.c @@ -8,6 +8,9 @@ * All the original code used here was torn by Marc Prud'hommeaux out of the * Samba project (by Andrew Tridgell, Jeremy Allison, and others). + * + * Copyright (c) The Exim Maintainers 2021 + * SPDX-License-Identifier: GPL-2.0-or-later * Tom Kistner provided additional code, adding spa_build_auth_challenge() to * support server authentication mode. @@ -374,27 +377,27 @@ void spa_bits_to_base64 (uschar *out, const uschar *in, int inlen) /* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */ { - for (; inlen >= 3; inlen -= 3) - { - *out++ = base64digits[in[0] >> 2]; - *out++ = base64digits[((in[0] << 4) & 0x30) | (in[1] >> 4)]; - *out++ = base64digits[((in[1] << 2) & 0x3c) | (in[2] >> 6)]; - *out++ = base64digits[in[2] & 0x3f]; - in += 3; - } - if (inlen > 0) - { - uschar fragment; - - *out++ = base64digits[in[0] >> 2]; - fragment = (in[0] << 4) & 0x30; - if (inlen > 1) - fragment |= in[1] >> 4; - *out++ = base64digits[fragment]; - *out++ = (inlen < 2) ? '=' : base64digits[(in[1] << 2) & 0x3c]; - *out++ = '='; - } - *out = '\0'; +for (; inlen >= 3; inlen -= 3) + { + *out++ = base64digits[in[0] >> 2]; + *out++ = base64digits[((in[0] << 4) & 0x30) | (in[1] >> 4)]; + *out++ = base64digits[((in[1] << 2) & 0x3c) | (in[2] >> 6)]; + *out++ = base64digits[in[2] & 0x3f]; + in += 3; + } +if (inlen > 0) + { + uschar fragment; + + *out++ = base64digits[in[0] >> 2]; + fragment = (in[0] << 4) & 0x30; + if (inlen > 1) + fragment |= in[1] >> 4; + *out++ = base64digits[fragment]; + *out++ = (inlen < 2) ? '=' : base64digits[(in[1] << 2) & 0x3c]; + *out++ = '='; + } +*out = '\0'; } @@ -404,52 +407,52 @@ int spa_base64_to_bits (char *out, int outlength, const char *in) /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */ { - int len = 0; - register uschar digit1, digit2, digit3, digit4; +int len = 0; +uschar digit1, digit2, digit3, digit4; - if (in[0] == '+' && in[1] == ' ') - in += 2; - if (*in == '\r') - return (0); +if (in[0] == '+' && in[1] == ' ') + in += 2; +if (*in == '\r') + return (0); - do +do + { + if (len >= outlength) /* Added by PH */ + return -1; /* Added by PH */ + digit1 = in[0]; + if (DECODE64 (digit1) == BAD) + return -1; + digit2 = in[1]; + if (DECODE64 (digit2) == BAD) + return -1; + digit3 = in[2]; + if (digit3 != '=' && DECODE64 (digit3) == BAD) + return -1; + digit4 = in[3]; + if (digit4 != '=' && DECODE64 (digit4) == BAD) + return -1; + in += 4; + *out++ = (DECODE64 (digit1) << 2) | (DECODE64 (digit2) >> 4); + ++len; + if (digit3 != '=') { + if (len >= outlength) /* Added by PH */ + return -1; /* Added by PH */ + *out++ = + ((DECODE64 (digit2) << 4) & 0xf0) | (DECODE64 (digit3) >> 2); + ++len; + if (digit4 != '=') + { if (len >= outlength) /* Added by PH */ - return (-1); /* Added by PH */ - digit1 = in[0]; - if (DECODE64 (digit1) == BAD) - return (-1); - digit2 = in[1]; - if (DECODE64 (digit2) == BAD) - return (-1); - digit3 = in[2]; - if (digit3 != '=' && DECODE64 (digit3) == BAD) - return (-1); - digit4 = in[3]; - if (digit4 != '=' && DECODE64 (digit4) == BAD) - return (-1); - in += 4; - *out++ = (DECODE64 (digit1) << 2) | (DECODE64 (digit2) >> 4); + return -1; /* Added by PH */ + *out++ = ((DECODE64 (digit3) << 6) & 0xc0) | DECODE64 (digit4); ++len; - if (digit3 != '=') - { - if (len >= outlength) /* Added by PH */ - return (-1); /* Added by PH */ - *out++ = - ((DECODE64 (digit2) << 4) & 0xf0) | (DECODE64 (digit3) >> 2); - ++len; - if (digit4 != '=') - { - if (len >= outlength) /* Added by PH */ - return (-1); /* Added by PH */ - *out++ = ((DECODE64 (digit3) << 6) & 0xc0) | DECODE64 (digit4); - ++len; - } - } + } } - while (*in && *in != '\r' && digit4 != '='); + } +while (*in && *in != '\r' && digit4 != '='); - return (len); +return len; } @@ -1209,7 +1212,7 @@ char versionString[] = "libntlm version 0.21"; #define spa_bytes_add(ptr, header, buf, count) \ { \ -if (buf != NULL && count != 0) /* we hate -Wint-in-bool-contex */ \ +if (buf && (count) != 0) /* we hate -Wint-in-bool-contex */ \ { \ SSVAL(&ptr->header.len,0,count); \ SSVAL(&ptr->header.maxlen,0,count); \ @@ -1395,8 +1398,6 @@ int i; int p = (int)getpid(); int random_seed = (int)time(NULL) ^ ((p << 16) | p); -request = request; /* Added by PH to stop compilers whinging */ - /* Ensure challenge data is cleared, in case it isn't all used. This patch added by PH on suggestion of Russell King */