From 42cf54b7420cf00be3f81d73179d28fc2b56fc69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnter=20Obiltschnig?=
Date: Wed, 3 Apr 2019 15:29:32 +0200
Subject: [PATCH] fixed NTLM SMTP authentication; added additional check for malformed server challenge to HTTPNTLMCredentials
---
 Net/src/HTTPNTLMCredentials.cpp | 1 +
 Net/src/SMTPClientSession.cpp | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/Net/src/HTTPNTLMCredentials.cpp b/Net/src/HTTPNTLMCredentials.cpp
index 11fce2af4..4ecbe9528 100644
--- a/Net/src/HTTPNTLMCredentials.cpp
+++ b/Net/src/HTTPNTLMCredentials.cpp
@@ -117,6 +117,7 @@ std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAu
 else
 {
 std::vector buffer = NTLMCredentials::fromBase64(responseAuthParams);
+ if (buffer.empty()) throw HTTPException("Invalid NTLM challenge");
 NTLMCredentials::ChallengeMessage challengeMsg;
 if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
 {
diff --git a/Net/src/SMTPClientSession.cpp b/Net/src/SMTPClientSession.cpp
index 16220c10d..bf29b564f 100644
--- a/Net/src/SMTPClientSession.cpp
+++ b/Net/src/SMTPClientSession.cpp
@@ -254,7 +254,8 @@ void SMTPClientSession::loginUsingNTLM(const std::string& username, const std::s
 int status = sendCommand("AUTH NTLM", NTLMCredentials::toBase64(negotiateBuf), response);
 if (status == 334)
 {
- std::vector buffer = NTLMCredentials::fromBase64(response);
+ std::vector buffer = NTLMCredentials::fromBase64(response.substr(4));
+ if (buffer.empty()) throw SMTPException("Invalid NTLM challenge");
 NTLMCredentials::ChallengeMessage challengeMsg;
 if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
 {
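Review bot: The new `buffer.empty()` guard in createNTLMMessage carries no comment saying what it protects, yet the statement two lines below takes `&buffer[0]`, which is undefined behaviour on an empty vector. I would put `// an empty decode result must not reach &buffer[0] below (undefined on an empty vector)` above the check so a later cleanup does not remove it as redundant. A non-empty but truncated challenge still depends on parseChallengeMessage bounds-checking against the size it is handed, which is not visible in this hunk. The function body starts and ends outside the hunk.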
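Review bot: `response.substr(4)` in loginUsingNTLM throws `std::out_of_range` when the server's 334 reply is shorter than four characters, so a malformed reply leaves on a different exception type than the `SMTPException` the next added line raises for an empty decode. A length guard ahead of the call keeps untrusted server input on one error path: `if (response.size() < 4) throw SMTPException("Invalid NTLM challenge");`. Whether sendCommand already guarantees a minimum reply length cannot be seen from the hunk, so treat this as something to confirm rather than a proven fault. The literal `4` would also read better with a short comment naming what it skips (presumably the "334 " status prefix). The function continues outside the hunk.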