fixed NTLM SMTP authentication; added additional check for malformed server challenge to HTTPNTLMCredentials

This commit is contained in:
Günter Obiltschnig 2019-04-03 15:29:32 +02:00
parent 6ec6b58da3
commit 42cf54b742
2 changed files with 3 additions and 1 deletions

View File

@ -117,6 +117,7 @@ std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAu
else
{
std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(responseAuthParams);
if (buffer.empty()) throw HTTPException("Invalid NTLM challenge");
NTLMCredentials::ChallengeMessage challengeMsg;
if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
{

View File

@ -254,7 +254,8 @@ void SMTPClientSession::loginUsingNTLM(const std::string& username, const std::s
int status = sendCommand("AUTH NTLM", NTLMCredentials::toBase64(negotiateBuf), response);
if (status == 334)
{
std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(response);
std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(response.substr(4));
if (buffer.empty()) throw SMTPException("Invalid NTLM challenge");
NTLMCredentials::ChallengeMessage challengeMsg;
if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
{