Skip to content

Commit

Permalink
NTLM Auth type3flags set after array is copied (#132)
Browse files Browse the repository at this point in the history
Signed-off-by: jmehrens [email protected]
  • Loading branch information
jmehrens authored Feb 16, 2024
1 parent 9cd659c commit 57bf854
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 27 deletions.
52 changes: 25 additions & 27 deletions core/src/main/java/org/eclipse/angus/mail/auth/Ntlm.java
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2023 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
Expand Down Expand Up @@ -54,14 +54,14 @@ public class Ntlm {
private SecretKeyFactory fac;
private Cipher cipher;
private MD4 md4;
private String hostname;
private String ntdomain;
private String username;
private String password;
private final String hostname;
private final String ntdomain;
private final String username;
private final String password;

private Mac hmac;

private MailLogger logger;
private final MailLogger logger;

// NTLM flags, as defined in Microsoft NTLM spec
// https://msdn.microsoft.com/en-us/library/cc236621.aspx
Expand Down Expand Up @@ -105,7 +105,7 @@ private void init0() {
cipher = Cipher.getInstance("DES/ECB/NoPadding");
md4 = new MD4();
} catch (NoSuchPaddingException | NoSuchAlgorithmException e) {
assert false;
assert false : e;
}
}

Expand Down Expand Up @@ -149,7 +149,7 @@ private void copybytes(byte[] dest, int destpos, String src, String enc) {
byte[] x = src.getBytes(enc);
System.arraycopy(x, 0, dest, destpos, x.length);
} catch (UnsupportedEncodingException e) {
assert false;
assert false : e;
}
}

Expand Down Expand Up @@ -189,8 +189,8 @@ public String generateType1Msg(int flags, boolean v2) {
if (logger.isLoggable(Level.FINE))
logger.fine("type 1 message: " + toHex(msg));

String result = null;
result = new String(Base64.getEncoder().encode(msg), StandardCharsets.ISO_8859_1);
String result = new String(Base64.getEncoder().encode(msg),
StandardCharsets.ISO_8859_1);
return result;
}

Expand Down Expand Up @@ -223,7 +223,7 @@ private byte[] hmacMD5(byte[] key, byte[] text) {
if (hmac == null)
hmac = Mac.getInstance("HmacMD5");
} catch (NoSuchAlgorithmException ex) {
throw new AssertionError();
throw new AssertionError(ex);
}
try {
byte[] nk = new byte[16];
Expand All @@ -232,15 +232,15 @@ private byte[] hmacMD5(byte[] key, byte[] text) {
hmac.init(skey);
return hmac.doFinal(text);
} catch (InvalidKeyException | RuntimeException ex) {
assert false;
assert false : ex;
}
return null;
}

private byte[] calcLMHash() throws GeneralSecurityException {
byte[] magic = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
byte[] pwb = null;
pwb = password.toUpperCase(Locale.ENGLISH).getBytes(StandardCharsets.ISO_8859_1);
byte[] pwb = password.toUpperCase(Locale.ENGLISH).getBytes(
StandardCharsets.ISO_8859_1);
byte[] pwb1 = new byte[14];
int len = password.length();
if (len > 14)
Expand Down Expand Up @@ -268,7 +268,7 @@ private byte[] calcNTHash() throws GeneralSecurityException {
try {
pw = password.getBytes("UnicodeLittleUnmarked");
} catch (UnsupportedEncodingException e) {
assert false;
assert false : e;
}
byte[] out = md4.digest(pw);
byte[] result = new byte[21];
Expand Down Expand Up @@ -315,7 +315,7 @@ private byte[] calcV2Response(byte[] nthash, byte[] blob, byte[] challenge)
getBytes("UnicodeLittleUnmarked");
} catch (UnsupportedEncodingException ex) {
// should never happen
assert false;
assert false : ex;
}
byte[] ntlmv2hash = hmacMD5(nthash, txt);
byte[] cb = new byte[blob.length + 8];
Expand All @@ -332,8 +332,8 @@ public String generateType3Msg(String type2msg) {

/* First decode the type2 message to get the server challenge */
/* challenge is located at type2[24] for 8 bytes */
byte[] type2 = null;
type2 = Base64.getDecoder().decode(type2msg.getBytes(StandardCharsets.US_ASCII));
byte[] type2 = Base64.getDecoder().decode(
type2msg.getBytes(StandardCharsets.US_ASCII));
if (logger.isLoggable(Level.FINE))
logger.fine("type 2 message: " + toHex(type2));

Expand Down Expand Up @@ -366,10 +366,9 @@ public String generateType3Msg(String type2msg) {
writeInt(type3, 48, l);
l += hlen;

byte[] msg = null;
byte[] lmresponse = null;
byte[] ntresponse = null;
int flags = readInt(type2, 20);
byte[] lmresponse;
byte[] ntresponse;

// did the server agree to NTLMv2?
if ((flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) != 0) {
Expand Down Expand Up @@ -420,17 +419,16 @@ public String generateType3Msg(String type2msg) {
writeInt(type3, 24, l);
l += ntresponse.length;
writeShort(type3, 56, l);
writeInt(type3, 60, type3flags);

msg = new byte[l];
byte[] msg = new byte[l];
System.arraycopy(type3, 0, msg, 0, l);

writeInt(type3, 60, type3flags);

if (logger.isLoggable(Level.FINE))
logger.fine("type 3 message: " + toHex(msg));

String result = null;
result = new String(Base64.getEncoder().encode(msg), StandardCharsets.ISO_8859_1);
String result = new String(Base64.getEncoder().encode(msg),
StandardCharsets.ISO_8859_1);
return result;

} catch (GeneralSecurityException ex) {
Expand Down Expand Up @@ -464,7 +462,7 @@ private void writeInt(byte[] b, int off, int data) {
b[off + 3] = (byte) ((data >> 24) & 0xff);
}

private static char[] hex =
private static final char[] hex =
{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};

private static String toHex(byte[] b) {
Expand Down
1 change: 1 addition & 0 deletions doc/src/main/resources/docs/CHANGES.txt
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ The following bugs have been fixed in the 2.0.3 release.
116: MailHandler LogManger support for mail entries
123: MailHandler should catch ServiceConfigurationError
124: Illegal reflective access by com.sun.mail.util.SocketFetcher
132: NTLM Auth type3flags set after array is copied

CHANGES IN THE 2.0.2 RELEASE
----------------------------
Expand Down

0 comments on commit 57bf854

Please sign in to comment.