Hello,

attached patch contains small NTLM fixes:
- open code ntlmssp_des_encrypt_triad() function;
- add two missing safe_memset().

It's not safe to leave NTLM hashes on the stack, because they are plain password equivalents.

Please consider applying.

Best regards.

--
Andrey Panin | Linux and UNIX system administrator
pazke at donpac.ru | PGP key: wwwkeys.pgp.net
-------------- next part --------------
diff -urpNX /usr/share/dontdiff dovecot-cvs.vanilla/src/lib-ntlm/ntlm-encrypt.c dovecot-cvs/src/lib-ntlm/ntlm-encrypt.c --- dovecot-cvs.vanilla/src/lib-ntlm/ntlm-encrypt.c 2004-07-30 07:01:24.000000000 +0400 +++ dovecot-cvs/src/lib-ntlm/ntlm-encrypt.c 2004-08-29 17:44:45.000000000 +0400 @@ -35,16 +35,6 @@ t_unicode_str(const char *src, int ucase return buffer_free_without_data(wstr); } -static void -ntlmssp_des_encrypt_triad(const unsigned char *hash, - const unsigned char *challenge, - unsigned char *response) -{ - deshash(response, hash, challenge); - deshash(response + 8, hash + 7, challenge); - deshash(response + 16, hash + 14, challenge); -} - const unsigned char * lm_hash(const char *passwd, unsigned char hash[LM_HASH_SIZE]) { @@ -112,7 +102,11 @@ ntlmssp_v1_response(const unsigned char memset(des_hash + NTLMSSP_HASH_SIZE, 0, sizeof(des_hash) - NTLMSSP_HASH_SIZE); - ntlmssp_des_encrypt_triad(des_hash, challenge, response); + deshash(response, des_hash, challenge); + deshash(response + 8, des_hash + 7, challenge); + deshash(response + 16, des_hash + 14, challenge); + + safe_memset(des_hash, 0, sizeof(des_hash)); } void
@@ -131,4 +125,6 @@ ntlmssp_v2_response(const char *user, co hmac_md5_update(&ctx, challenge, NTLMSSP_CHALLENGE_SIZE); hmac_md5_update(&ctx, blob, blob_size); hmac_md5_final(&ctx, response); + + safe_memset(hash, 0, sizeof(hash)); }
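Review bot: In the ntlmssp_v1_response hunk (@@ -112,7 +102,11 @@), the three open-coded deshash() calls leave the offsets `des_hash + 7`, `des_hash + 14`, `response + 8` and `response + 16` as unexplained literals now that ntlmssp_des_encrypt_triad() is removed. The message gives no reason for dropping the helper, and the added `safe_memset(des_hash, 0, sizeof(des_hash));` would work equally well placed after a call to it. If the open-coding stays, a one-line comment saying that each call takes a 7-byte slice of the padded hash as its DES key and writes 8 bytes of the response would keep the arithmetic reviewable.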
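Review bot: In the ntlmssp_v2_response hunk (@@ -131,4 +125,6 @@), `safe_memset(hash, 0, sizeof(hash));` clears the whole buffer only if `hash` is a local array, and its declaration lies outside the hunk. The same file declares `hash` as an array-typed parameter in lm_hash(), where sizeof would yield the pointer size, so please confirm the declaration here or pass the size constant explicitly. `ctx` is also still on the stack after hmac_md5_final(); if it was keyed from `hash`, it deserves the same wipe.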