Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P3: Somewhat important
Fix Version/s: None
Affects Version/s: 5.0.0 Beta 1
Component/s: Network: Proxies
Labels:
None
Environment:
Working against Squid with NTLM.
auth_param ntlm program /lib/squid/fakeauth_auth
auth_param ntlm children 10

Description

In setup against Squid with NTLM fakeauth all browser
are working properly.

Qt (is a great tool, thanks!), however, has failed
at the second step of NTLM (second message from proxy server).

The messages are attached.

In more detail as Wireshark decrypts Proxy-Authenticate string
of the second message:

NTLMSSP
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_CHALLENGE (0x00000002)
Domain: 10
MaxLen: 10
Offset: 48
Flags: 0xa2088207
NTLM Challenge: F08C6FB459CF3CF3
Reserved: 0000000000000000
Address List: Empty

In qauthenticator.cpp, function qNtlmDecodePhase2
there's a check

if (ch.targetName.len + ch.targetName.offset >= (unsigned)data.size())
return false;

data.size is 58.
Since 10 + 48 = 58, this sanity is not passed.

In order to fix it, I've used '>' instead of '>='

Since this fix, it is working properly.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

NTLM.rtf
35 kB
14 Oct '12 11:07

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Shane Kearns

Reporter:: Robert Iakobashvili

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14 Oct '12 11:07

Updated:: 01 Aug '14 17:42

Resolved:: 01 Aug '14 17:42

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

fix off-by-one error in NTLM proxy authentication: Gerrit Review: