[dovecot-cvs] dovecot/src/lib-ntlm ntlm-encrypt.c,1.3,1.4

cras at dovecot.org cras at dovecot.org
Tue Aug 31 12:32:35 EEST 2004


Update of /home/cvs/dovecot/src/lib-ntlm
In directory talvi:/tmp/cvs-serv25175

Modified Files:
	ntlm-encrypt.c 
Log Message:
Patch by Andrey Panin:

 - open code ntlmssp_des_encrypt_triad() function;
 - add two missing safe_memset(). It's not safe to leave NTLM
   hashes on the stack, because they are plain password equivalents.



Index: ntlm-encrypt.c
===================================================================
RCS file: /home/cvs/dovecot/src/lib-ntlm/ntlm-encrypt.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- ntlm-encrypt.c	30 Jul 2004 03:01:24 -0000	1.3
+++ ntlm-encrypt.c	31 Aug 2004 09:32:33 -0000	1.4
@@ -35,16 +35,6 @@
 	return buffer_free_without_data(wstr);
 }
 
-static void
-ntlmssp_des_encrypt_triad(const unsigned char *hash,
-		 	  const unsigned char *challenge,
-			  unsigned char *response)
-{
-	deshash(response, hash, challenge);
-	deshash(response + 8, hash + 7, challenge);
-	deshash(response + 16, hash + 14, challenge);
-}
-
 const unsigned char *
 lm_hash(const char *passwd, unsigned char hash[LM_HASH_SIZE])
 {
@@ -112,7 +102,11 @@
 	memset(des_hash + NTLMSSP_HASH_SIZE, 0,
 	       sizeof(des_hash) - NTLMSSP_HASH_SIZE);
 
-	ntlmssp_des_encrypt_triad(des_hash, challenge, response);
+	deshash(response, des_hash, challenge);
+	deshash(response + 8, des_hash + 7, challenge);
+	deshash(response + 16, des_hash + 14, challenge);
+
+	safe_memset(des_hash, 0, sizeof(des_hash));
 }
 
 void
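Review bot: The three inlined deshash() calls leave the offsets 7/14 and 8/16 as unexplained constants now that the helper's name is gone. A short comment above them would keep the intent readable, e.g. `/* each 7-byte slice of the zero-padded hash is used for one deshash() call, each filling 8 bytes of response */`. That wording is inferred from the strides in the calls. The declaration of des_hash and the start of the function are outside the hunk, so the buffer size should be confirmed there before committing the comment.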
@@ -131,4 +125,6 @@
 	hmac_md5_update(&ctx, challenge, NTLMSSP_CHALLENGE_SIZE);
 	hmac_md5_update(&ctx, blob, blob_size);
 	hmac_md5_final(&ctx, response);
+
+	safe_memset(hash, 0, sizeof(hash));
 }
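Review bot: The HMAC context `ctx` is still left on the stack after hmac_md5_final(), while only `hash` is wiped. If `ctx` was initialised with `hash` as the key (the init call is above the hunk) and hmac_md5_final() does not clear it, it holds key-derived state as sensitive as the hash itself. Consider adding `safe_memset(&ctx, 0, sizeof(ctx));` next to the new call. Separately, `sizeof(hash)` covers the whole buffer only if `hash` is a local array rather than a pointer parameter. Its declaration is outside the hunk, so that is worth confirming.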


