X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=ntlmsubr.c;h=941d0a070bba39aa64fbf7a237bffad994ca551e;hb=98cfcef26048bba06975e68a1aad05a8bac0d65d;hp=63cbed8f34a91fae338e3f1c0f6f6044de554895;hpb=c189f6a54f36f5b6f7734303db3cfc52311aab5f;p=~andy%2Ffetchmail

diff --git a/ntlmsubr.c b/ntlmsubr.c
index 63cbed8f..941d0a07 100644
--- a/ntlmsubr.c
+++ b/ntlmsubr.c
@@ -2,7 +2,7 @@
 
 #ifdef NTLM_ENABLE
 #include "fetchmail.h"
-#include "i18n.h"
+#include "gettext.h"
 #include "ntlm.h"
 #include "socket.h"
 
@@ -55,8 +55,12 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto)
     if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
 	goto cancelfail;
 
+    /*
+     * < 0: decoding error
+     * >= 0 < 32: too short to be plausible
+     */
     if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0
-	    || result < ((void *)&challenge.context - (void *)&challenge))
+	    || result < 32)
     {
 	report (stderr, GT_("could not decode BASE64 challenge\n"));
 	/* We do not goto cancelfail; the server has already sent the
@@ -73,9 +77,9 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto)
      * - that offset + length is not bigger than buffer */
     if (0 != memcmp("NTLMSSP", challenge.ident, 8)
 	    || challenge.msgType != 2
-	    || challenge.uDomain.offset > result
-	    || challenge.uDomain.offset + challenge.uDomain.len < challenge.uDomain.offset
-	    || challenge.uDomain.offset + challenge.uDomain.len > result)
+	    || challenge.uDomain.offset > (unsigned)result
+	    || (challenge.uDomain.offset + challenge.uDomain.len) < challenge.uDomain.offset
+	    || (challenge.uDomain.offset + challenge.uDomain.len) > (unsigned)result)
     {
 	report (stderr, GT_("NTLM challenge contains invalid data.\n"));
 	result = PS_AUTHFAIL;