Author: sserapion
Date: Thu May 26 07:56:39 2011
New Revision: 51920

URL: http://svn.reactos.org/svn/reactos?rev=51920&view=rev
Log:
- Fix corruption of provided string buffer
- Fix calculation of length in bytes

Modified:
    branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c

Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c
URL: 
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c?rev=51920&r1=51919&r2=51920&view=diff
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c [iso-8859-1] 
(original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c [iso-8859-1] 
Thu May 26 07:56:39 2011
@@ -30,26 +30,26 @@
 NTOWFv1(const PWCHAR password,
         PUCHAR result)
 {
-    ULONG i, len = wcslen(password);
-
+    ULONG i, len = wcslen(password) * sizeof(WCHAR);
+    WCHAR pass[14];
+    memcpy(pass, password, len);
     for(i = len; i<14; i++)
     {
-        password[i] = L'0';
-    }
-
-    MD4((PUCHAR)password, len, result);
+        pass[i] = L'0';
+    }
+    MD4((PUCHAR)pass, 14, result);
 }
 
 VOID
 NTOWFv2(const PWCHAR password, const PWCHAR user, const PWCHAR domain, PUCHAR 
result)
 {
     UCHAR response_key_nt_v1 [16];
-    ULONG len_user = user ? wcslen(user) : 0;
-    ULONG len_domain = domain ? wcslen(domain) : 0;
+    ULONG len_user = (user ? wcslen(user) : 0) * sizeof(WCHAR);
+    ULONG len_domain = (domain ? wcslen(domain) : 0) * sizeof(WCHAR);
     WCHAR user_upper[len_user + 1];
-    ULONG len_user_u = len_user * sizeof(WCHAR);
-    ULONG len_domain_u = len_domain * sizeof(WCHAR);
-    WCHAR buff[(len_user + len_domain)*sizeof(WCHAR)];
+    ULONG len_user_u = len_user;
+    ULONG len_domain_u = len_domain;
+    WCHAR buff[len_user + len_domain];
     ULONG i;
 
     /* Uppercase user */
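Review bot: In NTOWFv1 the added `memcpy(pass, password, len)` has no upper bound, so any password longer than 14 characters writes past the 28-byte stack array `pass`. `len` is now a byte count but is still used as an element index in `for(i = len; i<14; i++)`, so for short passwords the elements between the copied characters and index `len` stay uninitialised, and `MD4((PUCHAR)pass, 14, result)` hashes only the first 14 bytes. MS-NLMP defines NTOWFv1 as MD4 over the whole UTF-16LE password with no padding, so the copy and the padding loop can be dropped in favour of `MD4((PUCHAR)password, wcslen(password) * sizeof(WCHAR), result);`. In NTOWFv2, whose body continues past this hunk, `len_user` now also holds bytes, so the uppercase loop whose header is not visible here should be checked for reading `user` past its terminator.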
@@ -57,9 +57,8 @@
         user_upper[i] = toupper(user[i]);
     }
     user_upper[len_user] = 0;
-
-    len_user_u = swprintf(buff, user_upper, len_user_u);
-    len_domain_u = swprintf(buff+len_user_u, domain ? domain : L"", 
len_domain_u);
+    len_user_u = swprintf(buff, user_upper, len_user_u) * sizeof(WCHAR);
+    len_domain_u = swprintf(buff+len_user_u, domain ? domain : L"", 
len_domain_u) * sizeof(WCHAR);
 
     NTOWFv1(password, response_key_nt_v1);
     HMAC_MD5(response_key_nt_v1, 16, (PUCHAR)buff, len_user_u + len_domain_u, 
result);
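Review bot: Both `swprintf` calls pass caller-supplied text (`user_upper`, `domain`) as the format argument, so a `%` in a user or domain name is parsed as a conversion specifier instead of being copied. The returned lengths are scaled to bytes and then used in `buff+len_user_u`, which is WCHAR pointer arithmetic, so the domain is written at twice the intended byte offset and the `len_user_u + len_domain_u` bytes given to `HMAC_MD5` are no longer the contiguous user and domain data. Copying by byte count avoids both problems: `memcpy(buff, user_upper, len_user_u);` followed by `if (domain) memcpy((PUCHAR)buff + len_user_u, domain, len_domain_u);`, keeping the two lengths as initialised in the declarations. NTOWFv2 starts before this hunk, so the loop that fills `user_upper` is not visible here.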

