diff options
| author | Jay Satiro <raysatiro@yahoo.com> | 2017-05-08 23:23:28 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2017-05-08 23:24:29 +0200 |
| commit | 1cafede9f2b4a838dfc80423415e60704b3346f9 (patch) | |
| tree | d1c4fce4f046b820f51836747a09f6f227911c5b /lib/vauth/ntlm.c | |
| parent | 9e9509e46a9db909e4c0a2ce0ac1ef5c94fcb3a4 (diff) | |
rand: treat fake entropy the same regardless of endianness
When the random seed is purposely made predictable for testing purposes
by using the CURL_ENTROPY environment variable, process that data in an
endian agnostic way so the the initial random seed is the same
regardless of endianness.
- Change Curl_rand to write to a char array instead of int array.
- Add Curl_rand_hex to write random hex characters to a buffer.
Fixes #1315
Closes #1468
Co-authored-by: Daniel Stenberg
Reported-by: Michael Kaufmann
Diffstat (limited to 'lib/vauth/ntlm.c')
| -rw-r--r-- | lib/vauth/ntlm.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c index d02eec491..42196455f 100644 --- a/lib/vauth/ntlm.c +++ b/lib/vauth/ntlm.c @@ -555,10 +555,10 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, #if defined(USE_NTRESPONSES) && defined(USE_NTLM_V2) if(ntlm->target_info_len) { unsigned char ntbuffer[0x18]; - unsigned int entropy[2]; + unsigned char entropy[8]; unsigned char ntlmv2hash[0x18]; - result = Curl_rand(data, &entropy[0], 2); + result = Curl_rand(data, entropy, 8); if(result) return result; @@ -572,15 +572,13 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, return result; /* LMv2 response */ - result = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash, - (unsigned char *)&entropy[0], + result = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash, entropy, &ntlm->nonce[0], lmresp); if(result) return result; /* NTLMv2 response */ - result = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash, - (unsigned char *)&entropy[0], + result = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash, entropy, ntlm, &ntlmv2resp, &ntresplen); if(result) return result; @@ -596,10 +594,10 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, unsigned char ntbuffer[0x18]; unsigned char tmp[0x18]; unsigned char md5sum[MD5_DIGEST_LENGTH]; - unsigned int entropy[2]; + unsigned char entropy[8]; /* Need to create 8 bytes random data */ - result = Curl_rand(data, &entropy[0], 2); + result = Curl_rand(data, entropy, 8); if(result) return result; |