Author: sserapion
Date: Thu May 26 07:56:39 2011
New Revision: 51920
URL:
http://svn.reactos.org/svn/reactos?rev=51920&view=rev
Log:
- Fix corruption of provided string buffer
- Fix calculation of length in bytes
Modified:
branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c [iso-8859-1]
(original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c [iso-8859-1] Thu May 26
07:56:39 2011
@@ -30,26 +30,26 @@
NTOWFv1(const PWCHAR password,
PUCHAR result)
{
- ULONG i, len = wcslen(password);
-
+ ULONG i, len = wcslen(password) * sizeof(WCHAR);
+ WCHAR pass[14];
+ memcpy(pass, password, len);
for(i = len; i<14; i++)
{
- password[i] = L'0';
- }
-
- MD4((PUCHAR)password, len, result);
+ pass[i] = L'0';
+ }
+ MD4((PUCHAR)pass, 14, result);
}
VOID
NTOWFv2(const PWCHAR password, const PWCHAR user, const PWCHAR domain, PUCHAR result)
{
UCHAR response_key_nt_v1 [16];
- ULONG len_user = user ? wcslen(user) : 0;
- ULONG len_domain = domain ? wcslen(domain) : 0;
+ ULONG len_user = (user ? wcslen(user) : 0) * sizeof(WCHAR);
+ ULONG len_domain = (domain ? wcslen(domain) : 0) * sizeof(WCHAR);
WCHAR user_upper[len_user + 1];
- ULONG len_user_u = len_user * sizeof(WCHAR);
- ULONG len_domain_u = len_domain * sizeof(WCHAR);
- WCHAR buff[(len_user + len_domain)*sizeof(WCHAR)];
+ ULONG len_user_u = len_user;
+ ULONG len_domain_u = len_domain;
+ WCHAR buff[len_user + len_domain];
ULONG i;
/* Uppercase user */
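Review bot: The added `memcpy(pass, password, len);` in NTOWFv1 copies an unbounded byte count into the 28-byte `pass[14]`, so a password longer than 14 characters writes past the stack buffer. The padding loop `for(i = len; i<14; i++)` also starts from a byte count while indexing WCHAR elements, which leaves the elements between the end of the password and `pass[len]` uninitialised, and `MD4((PUCHAR)pass, 14, result)` hashes only the first 14 bytes (assuming MD4 takes a byte length, as the log implies). If the padding is not required (MS-NLMP defines NTOWFv1 as MD4 over the Unicode password), hashing the caller's buffer read-only, `MD4((PUCHAR)password, len, result);`, removes the copy and both problems; otherwise check `len` against `sizeof(pass)` before the copy. In NTOWFv2, `user_upper[len_user + 1]` and `buff[len_user + len_domain]` are variable-length stack arrays sized from caller-supplied strings and now from byte counts, so a length cap there is worth adding as well.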
@@ -57,9 +57,8 @@
user_upper[i] = toupper(user[i]);
}
user_upper[len_user] = 0;
-
- len_user_u = swprintf(buff, user_upper, len_user_u);
- len_domain_u = swprintf(buff+len_user_u, domain ? domain : L"",
len_domain_u);
+ len_user_u = swprintf(buff, user_upper, len_user_u) * sizeof(WCHAR);
+ len_domain_u = swprintf(buff+len_user_u, domain ? domain : L"",
len_domain_u) * sizeof(WCHAR);
NTOWFv1(password, response_key_nt_v1);
HMAC_MD5(response_key_nt_v1, 16, (PUCHAR)buff, len_user_u + len_domain_u, result);
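Review bot: `buff+len_user_u` now advances a `WCHAR *` by a byte count, so the domain is written at twice the intended offset while HMAC_MD5 reads `len_user_u + len_domain_u` bytes from the start of `buff`; the hashed range then holds the user name, its terminator and uninitialised stack instead of user followed by domain. Both calls also pass `user_upper` and `domain` as the format argument (assuming the legacy `swprintf(buffer, format, ...)` form that the argument order implies), so a `%` in either name is parsed as a conversion. Keeping the offsets in characters and converting once addresses both: `len_user_u = swprintf(buff, L"%ls", user_upper);`, `len_domain_u = swprintf(buff + len_user_u, L"%ls", domain ? domain : L"");`, then pass `(len_user_u + len_domain_u) * sizeof(WCHAR)` to HMAC_MD5. The uppercase loop's bound is outside the hunk; if it iterates to `len_user`, which the earlier hunk of this commit turned into a byte count, it reads past the end of `user` and should use the character count. NTOWFv2 starts before and ends after this hunk.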