rand: treat fake entropy the same regardless of endianness

When the random seed is purposely made predictable for testing purposes by using the CURL_ENTROPY environment variable, process that data in an endian agnostic way so the the initial random seed is the same regardless of endianness. - Change Curl_rand to write to a char array instead of int array. - Add Curl_rand_hex to write random hex characters to a buffer. Fixes #1315 Closes #1468 Co-authored-by: Daniel Stenberg Reported-by: Michael Kaufmann
author: Jay Satiro <raysatiro@yahoo.com> 2017-05-08 23:23:28 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2017-05-08 23:24:29 +0200
commit: 1cafede9f2b4a838dfc80423415e60704b3346f9 (patch)
tree: d1c4fce4f046b820f51836747a09f6f227911c5b /lib/vauth/ntlm.c
parent: 9e9509e46a9db909e4c0a2ce0ac1ef5c94fcb3a4 (diff)
download: curl-1cafede9f2b4a838dfc80423415e60704b3346f9.tar.gz
1 files changed, 6 insertions, 8 deletions
diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
index d02eec491..42196455f 100644
--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@@ -555,10 +555,10 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
 #if defined(USE_NTRESPONSES) && defined(USE_NTLM_V2)
   if(ntlm->target_info_len) {
     unsigned char ntbuffer[0x18];
-    unsigned int entropy[2];
+    unsigned char entropy[8];
     unsigned char ntlmv2hash[0x18];
 
-    result = Curl_rand(data, &entropy[0], 2);
+    result = Curl_rand(data, entropy, 8);
     if(result)
       return result;
 
@@ -572,15 +572,13 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
       return result;
 
     /* LMv2 response */
-    result = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash,
-                                         (unsigned char *)&entropy[0],
+    result = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash, entropy,
                                          &ntlm->nonce[0], lmresp);
     if(result)
       return result;
 
     /* NTLMv2 response */
-    result = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash,
-                                           (unsigned char *)&entropy[0],
+    result = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash, entropy,
                                            ntlm, &ntlmv2resp, &ntresplen);
     if(result)
       return result;
@@ -596,10 +594,10 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
     unsigned char ntbuffer[0x18];
     unsigned char tmp[0x18];
     unsigned char md5sum[MD5_DIGEST_LENGTH];
-    unsigned int entropy[2];
+    unsigned char entropy[8];
 
     /* Need to create 8 bytes random data */
-    result = Curl_rand(data, &entropy[0], 2);
+    result = Curl_rand(data, entropy, 8);
     if(result)
       return result;
author	Jay Satiro <raysatiro@yahoo.com>	2017-05-08 23:23:28 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2017-05-08 23:24:29 +0200
commit	1cafede9f2b4a838dfc80423415e60704b3346f9 (patch)
tree	d1c4fce4f046b820f51836747a09f6f227911c5b /lib/vauth/ntlm.c
parent	9e9509e46a9db909e4c0a2ce0ac1ef5c94fcb3a4 (diff)
download	curl-1cafede9f2b4a838dfc80423415e60704b3346f9.tar.gz