Fix crash: Handle invalid base64 in NTLM challenge.

Some servers, for instance the MS Exchange servers deployed by the
US-American National Aeronautics and Space Administration (NASA),
aborted the NTLM protocol exchange after receiving the initial request.

Fetchmail did not detect that there was an error message, rather than
NTLM protocol exchange, and caught a segmentation fault while reading
from a bad location.

Detect base64 decoding errors, and return PS_AUTHFAIL in this case.

Reported by J[ames] Porter Clark.

diff --git a/ntlmsubr.c b/ntlmsubr.c
index f9d2733071b5ae68eadd78cf3b01d4db38489f93..9321d26e7c99af92af44c7e677d5dc6f730b8a7c 100644 (file)
--- a/ntlmsubr.c
+++ b/ntlmsubr.c
@@ -55,7 +55,14 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto)
     if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
        goto cancelfail;
 
-    (void)from64tobits (&challenge, msgbuf, sizeof(challenge));
+    if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0)
+    {
+       report (stderr, GT_("could not decode BASE64 challenge\n"));
+       /* We do not goto cancelfail; the server has already sent the
+        * tagged reply, so the protocol exchange has ended, no need
+        * for us to send the asterisk. */
+       return PS_AUTHFAIL;
+    }
 
     if (outlevel >= O_DEBUG)
        dumpSmbNtlmAuthChallenge(stdout, &challenge);