Fixed compiler warnings in the new NTLM phase 3 code about implicit
casting between signed and unsigned char *.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3064 e7ae566f-a301-0410-adde-c780ea21d3b5
... | ... |
@@ -88,8 +88,8 @@ gen_hmac_md5 (const char* data, int data_len, const char* key, int key_len,char |
88 | 88 |
|
89 | 89 |
HMAC_CTX c; |
90 | 90 |
HMAC_Init (&c, key, key_len, EVP_md5()); |
91 |
- HMAC_Update (&c, data, data_len); |
|
92 |
- HMAC_Final (&c, result, &len); |
|
91 |
+ HMAC_Update (&c, (const unsigned char *)data, data_len); |
|
92 |
+ HMAC_Final (&c, (unsigned char *)result, &len); |
|
93 | 93 |
HMAC_CTX_cleanup(&c); |
94 | 94 |
} |
95 | 95 |
|
... | ... |
@@ -215,6 +215,8 @@ ntlm_phase_3 (const struct http_proxy_info *p, const char *phase_2, struct gc_ar |
215 | 215 |
|
216 | 216 |
bool ntlmv2_enabled = (p->auth_method == HTTP_AUTH_NTLM2); |
217 | 217 |
|
218 |
+ CLEAR (buf2); |
|
219 |
+ |
|
218 | 220 |
ASSERT (strlen (p->up.username) > 0); |
219 | 221 |
ASSERT (strlen (p->up.password) > 0); |
220 | 222 |
|
... | ... |
@@ -241,6 +243,9 @@ ntlm_phase_3 (const struct http_proxy_info *p, const char *phase_2, struct gc_ar |
241 | 241 |
memset (md4_hash + 16, 0, 5); |
242 | 242 |
|
243 | 243 |
ret_val = base64_decode( phase_2, (void *)buf2); |
244 |
+ if (ret_val < 0) |
|
245 |
+ return NULL; |
|
246 |
+ |
|
244 | 247 |
/* we can be sure that phase_2 is less than 128 |
245 | 248 |
* therefore buf2 needs to be (3/4 * 128) */ |
246 | 249 |
|
... | ... |
@@ -253,7 +258,7 @@ ntlm_phase_3 (const struct http_proxy_info *p, const char *phase_2, struct gc_ar |
253 | 253 |
if (ntlmv2_enabled){ /* Generate NTLMv2 response */ |
254 | 254 |
|
255 | 255 |
/* NTLMv2 hash */ |
256 |
- my_strupr(strcpy(userdomain, username)); |
|
256 |
+ my_strupr((unsigned char *)strcpy(userdomain, username)); |
|
257 | 257 |
if (strlen(username) + strlen(domain) < sizeof(userdomain)) |
258 | 258 |
strcat(userdomain, domain); |
259 | 259 |
else |
... | ... |
@@ -266,8 +271,8 @@ ntlm_phase_3 (const struct http_proxy_info *p, const char *phase_2, struct gc_ar |
266 | 266 |
ntlmv2_blob[0x00]=1; /* Signature */ |
267 | 267 |
ntlmv2_blob[0x01]=1; /* Signature */ |
268 | 268 |
ntlmv2_blob[0x04]=0; /* Reserved */ |
269 |
- gen_timestamp(&ntlmv2_blob[0x08]); /* 64-bit Timestamp */ |
|
270 |
- gen_nonce(&ntlmv2_blob[0x10]); /* 64-bit Client Nonce */ |
|
269 |
+ gen_timestamp((unsigned char *)&ntlmv2_blob[0x08]); /* 64-bit Timestamp */ |
|
270 |
+ gen_nonce((unsigned char *)&ntlmv2_blob[0x10]); /* 64-bit Client Nonce */ |
|
271 | 271 |
ntlmv2_blob[0x18]=0; /* Unknown, zero should work */ |
272 | 272 |
|
273 | 273 |
/* Add target information block to the blob */ |
... | ... |
@@ -313,7 +318,7 @@ ntlm_phase_3 (const struct http_proxy_info *p, const char *phase_2, struct gc_ar |
313 | 313 |
|
314 | 314 |
memset (phase3, 0, sizeof (phase3)); /* clear reply */ |
315 | 315 |
|
316 |
- strcpy (phase3, "NTLMSSP\0"); /* signature */ |
|
316 |
+ strcpy ((char *)phase3, "NTLMSSP\0"); /* signature */ |
|
317 | 317 |
phase3[8] = 3; /* type 3 */ |
318 | 318 |
|
319 | 319 |
if (ntlmv2_enabled){ /* NTLMv2 response */ |
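Review bot: In the hunk at -241,6 +243,9 the added `if (ret_val < 0) return NULL;` rejects a malformed base64 string, but nothing bounds how much `base64_decode( phase_2, (void *)buf2)` writes: the call passes no destination size, and the comment just below relies on phase_2 being shorter than 128 characters. phase_2 appears to come from the proxy's reply, so that length assumption should be enforced before the decode, for example `if (strlen (phase_2) / 4 * 3 + 3 > sizeof (buf2)) return NULL;` (this assumes buf2 is a local array, as `CLEAR (buf2)` suggests). In the -253,7 +258,7 hunk, `strcpy(userdomain, username)` also runs before the length test that guards the `strcat`, so the copy itself is unchecked unless username is already known to fit. ntlm_phase_3 starts and ends outside these hunks, so the buffer declarations cannot be confirmed from here.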
... | ... |
@@ -476,9 +476,17 @@ establish_http_proxy_passthru (struct http_proxy_info *p, |
476 | 476 |
if (!send_line_crlf (sd, buf)) |
477 | 477 |
goto error; |
478 | 478 |
|
479 |
- openvpn_snprintf (buf, sizeof(buf), "Proxy-Authorization: NTLM %s", |
|
480 |
- ntlm_phase_3 (p, buf2, &gc)); |
|
481 | 479 |
msg (D_PROXY, "Attempting NTLM Proxy-Authorization phase 3"); |
480 |
+ { |
|
481 |
+ const char *np3 = ntlm_phase_3 (p, buf2, &gc); |
|
482 |
+ if (!np3) |
|
483 |
+ { |
|
484 |
+ msg (D_PROXY, "NTLM Proxy-Authorization phase 3 failed: received corrupted data from proxy server"); |
|
485 |
+ goto error; |
|
486 |
+ } |
|
487 |
+ openvpn_snprintf (buf, sizeof(buf), "Proxy-Authorization: NTLM %s", np3); |
|
488 |
+ } |
|
489 |
+ |
|
482 | 490 |
msg (D_PROXY, "Send to HTTP proxy: '%s'", buf); |
483 | 491 |
openvpn_sleep (1); |
484 | 492 |
if (!send_line_crlf (sd, buf)) |
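Review bot: The line `msg (D_PROXY, "Send to HTTP proxy: '%s'", buf);` directly after the new block writes the complete `Proxy-Authorization: NTLM ...` header to the log, and that header carries the phase 3 response computed from the user's password. A log reader should not be able to recover that response, since it is enough material for offline password guessing. A fixed string keeps the trace without it, e.g. `msg (D_PROXY, "Send to HTTP proxy: 'Proxy-Authorization: NTLM [response omitted]'");`. The new failure message is also emitted at D_PROXY, which may be too quiet for an authentication failure if that level is debug-only. establish_http_proxy_passthru continues beyond this hunk.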