From 9fc96e9f52b6b8ca67463289cde6d50b3d5911f9 Mon Sep 17 00:00:00 2001
From: liaichun
Date: Mon, 20 Apr 2020 14:35:35 +0800
Subject: [PATCH] remove ntlm_build_type_2 to fix CVE-2019-19977
---
 ntlm/ntlm.h | 2 --
 ntlm/ntlmstruct.c | 32 --------------------------------
 2 files changed, 34 deletions(-)
diff --git a/ntlm/ntlm.h b/ntlm/ntlm.h
index 50a49d6..d5dae83 100644
--- a/ntlm/ntlm.h
+++ b/ntlm/ntlm.h
@@ -35,8 +35,6 @@ void ntlm_responses (unsigned char *lm_resp, unsigned char *nt_resp,
 size_t ntlm_build_type_1 (char *buf, size_t buflen, unsigned int flags,
 const char *domain, const char *workstation);
-size_t ntlm_build_type_2 (char *buf, size_t buflen, unsigned int flags,
- const unsigned char *nonce, const char *domain);
 size_t ntlm_build_type_3 (char *buf, size_t buflen, unsigned int flags,
 const unsigned char *lm_resp,
diff --git a/ntlm/ntlmstruct.c b/ntlm/ntlmstruct.c
index dfb80de..3167da7 100644
--- a/ntlm/ntlmstruct.c
+++ b/ntlm/ntlmstruct.c
@@ -218,38 +218,6 @@ ntlm_build_type_1 (char *buf, size_t buflen, unsigned int flags,
 return offset;
 }
-/* Build a NTLM type 2 structure in the buffer */
-size_t
-ntlm_build_type_2 (char *buf, size_t buflen, unsigned int flags,
- const unsigned char *nonce, const char *domain)
-{
- size_t offset = T2SIZE;
- size_t len;
- char string[256];
- unsigned char *up;
-
- if (buflen < offset)
- return 0;
- memcpy (buf, NTLMSSP, 8);
- write_uint32 (buf, MSGTYPE, 2);
- up = NULL;
- len = 0;
- if (domain != NULL)
- {
- len = strlen (domain);
- if (offset + 2 * len > buflen)
- return 0;
- up = nt_unicode (lm_uccpy (string, len, domain), 2 * len);
- }
- write_string (buf, T2AUTHTARGET, &offset, up, len);
- if (up != NULL)
- free (up);
- write_uint32 (buf, T2FLAGS, flags);
- memcpy (buf + T2NONCE, nonce, 8);
- memset (buf + T2RESERVED, 0, 8);
- return offset;
-}
-
 /* Build a NTLM type 3 structure in the buffer */
 size_t
 ntlm_build_type_3 (char *buf, size_t buflen, unsigned int flags,
--
1.8.3.1