Details
-
Bug
-
Resolution: Done
-
P3: Somewhat important
-
None
-
5.0.0 Beta 1
-
None
-
Working against Squid with NTLM.
auth_param ntlm program /lib/squid/fakeauth_auth
auth_param ntlm children 10
Description
In setup against Squid with NTLM fakeauth all browser
are working properly.
Qt (is a great tool, thanks!), however, has failed
at the second step of NTLM (second message from proxy server).
The messages are attached.
In more detail as Wireshark decrypts Proxy-Authenticate string
of the second message:
NTLMSSP
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_CHALLENGE (0x00000002)
Domain: 10
MaxLen: 10
Offset: 48
Flags: 0xa2088207
NTLM Challenge: F08C6FB459CF3CF3
Reserved: 0000000000000000
Address List: Empty
In qauthenticator.cpp, function qNtlmDecodePhase2
there's a check
if (ch.targetName.len + ch.targetName.offset >= (unsigned)data.size())
return false;
data.size is 58.
Since 10 + 48 = 58, this sanity is not passed.
In order to fix it, I've used '>' instead of '>='
Since this fix, it is working properly.