github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-05 04:26:10 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixed crash in rtsp module

Browse source
This commit is contained in:
van Hauser 2020-02-17 10:39:17 +01:00
parent 0b093e67c4
commit 5b6fc88428
14 changed files with 107 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGES
View file

@ -3,6 +3,7 @@ Changelog for hydra
Release 9.1-dev
* new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!)
* rtsp: fixed crash in MD5 auth
* svn: updated to support past and new API
* http module now supports F=/S= string matching conditions (thanks to poucz@github)
* changed mysql module not to use mysql db as a default. if the user has not access to this db auth fails ...

6
hydra-http-proxy-urlenum.c
View file

@ -170,7 +170,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
} else {
#ifdef LIBOPENSSL
if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) {
char *pbuffer;
char *pbuffer, *result;
http_proxy_auth_mechanism = AUTH_DIGESTMD5;
pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest ");
@ -178,8 +178,8 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
buffer[sizeof(buffer) - 1] = '\0';
pbuffer = buffer2;
sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header);
if (pbuffer == NULL)
result = sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header);
if (result == NULL)
return 3;
if (debug)

6
hydra-http-proxy.c
View file

@ -179,7 +179,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
} else {
#ifdef LIBOPENSSL
if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) {
char *pbuffer;
char *pbuffer, *result;
http_proxy_auth_mechanism = AUTH_DIGESTMD5;
pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest ");
@ -188,8 +188,8 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
pbuffer = NULL;
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header);
if (fooptr == NULL)
result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header);
if (result == NULL)
return 3;
if (debug)

6
hydra-http.c
View file

@ -76,15 +76,15 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
#ifdef LIBOPENSSL
case AUTH_DIGESTMD5: {
char *pbuffer;
char *pbuffer, *result;
pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest ");
strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1);
buffer[buffer_size - 1] = '\0';
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header);
if (fooptr == NULL) {
result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header);
if (result == NULL) {
free(buffer);
free(header);
return 3;

22
hydra-imap.c
View file

@ -41,7 +41,7 @@ char *imap_read_server_capacity(int32_t sock) {
}
int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *empty = "", *result = NULL;
char *login, *pass, buffer[500], buffer2[500], *fooptr;
if (strlen(login = hydra_get_next_login()) == 0)
@ -104,7 +104,8 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
free(buf);
memset(buffer2, 0, sizeof(buffer2));
sasl_plain(buffer2, login, pass);
result = sasl_plain(buffer2, login, pass);
if (result == NULL) return 3;
sprintf(buffer, "%.250s\r\n", buffer2);
break;
@ -161,15 +162,18 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
switch (imap_auth_mechanism) {
case AUTH_CRAMMD5: {
sasl_cram_md5(buffer2, pass, buffer);
result = sasl_cram_md5(buffer2, pass, buffer);
if (result == NULL) return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2);
} break;
case AUTH_CRAMSHA1: {
sasl_cram_sha1(buffer2, pass, buffer);
result = sasl_cram_sha1(buffer2, pass, buffer);
if (result == NULL) return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2);
} break;
case AUTH_CRAMSHA256: {
sasl_cram_sha256(buffer2, pass, buffer);
result = sasl_cram_sha256(buffer2, pass, buffer);
if (result == NULL) return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2);
} break;
}
@ -202,8 +206,8 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
hydra_report(stderr, "DEBUG S: %s\n", buffer);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
if (fooptr == NULL)
result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
if (result == NULL)
return 3;
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer2);
@ -262,8 +266,8 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
memset(buffer2, 0, sizeof(buffer2));
fooptr = buffer2;
sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
if (fooptr == NULL) {
result = sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
if (result == NULL) {
hydra_report(stderr, "[ERROR] Can't compute client response\n");
return 1;
}

10
hydra-ldap.c
View file

@ -8,7 +8,7 @@ int32_t counter;
int32_t tls_required = 0;
int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char version, int32_t auth_method) {
char *empty = "";
char *empty = "", *result = NULL;
char *login = "", *pass, *fooptr = "";
unsigned char buffer[512];
int32_t length = 0;
@ -123,8 +123,8 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
ptr = strstr((char *)buf, "<");
fooptr = buf2;
sasl_cram_md5(fooptr, pass, ptr);
if (fooptr == NULL)
result = sasl_cram_md5(fooptr, pass, ptr);
if (result == NULL)
return 1;
counter++;
if (strstr(miscptr, "^USER^") != NULL) {
@ -180,8 +180,8 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL);
if (fooptr == NULL) {
result = sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL);
if (result == NULL) {
free(buf);
return 3;
}

12
hydra-nntp.c
View file

@ -48,7 +48,7 @@ char *nntp_read_server_capacity(int32_t sock) {
}
int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\"";
char *empty = "\"\"", *result = NULL;
char *login, *pass, buffer[500], buffer2[500], *fooptr;
int32_t i = 1;
@ -112,7 +112,8 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
free(buf);
memset(buffer, 0, sizeof(buffer));
sasl_plain(buffer, login, pass);
result = sasl_plain(buffer, login, pass);
if (result == NULL) return 3;
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
@ -147,7 +148,8 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
free(buf);
memset(buffer2, 0, sizeof(buffer2));
sasl_cram_md5(buffer2, pass, buffer);
result = sasl_cram_md5(buffer2, pass, buffer);
if (result == NULL) return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2);
hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
@ -178,8 +180,8 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (debug)
hydra_report(stderr, "DEBUG S: %s\n", buffer);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
if (fooptr == NULL)
result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
if (result == NULL)
return 3;
if (debug)

18
hydra-pop3.c
View file

@ -118,7 +118,7 @@ char *pop3_read_server_capacity(int32_t sock) {
}
int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\"";
char *empty = "\"\"", *result = NULL;
char *login, *pass, buffer[500], buffer2[500], *fooptr;
if (strlen(login = hydra_get_next_login()) == 0)
@ -202,7 +202,8 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha
free(buf);
memset(buffer, 0, sizeof(buffer));
sasl_plain(buffer, login, pass);
result = sasl_plain(buffer, login, pass);
if (result == NULL) return 3;
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
@ -263,15 +264,18 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha
switch (p->pop3_auth_mechanism) {
case AUTH_CRAMMD5: {
sasl_cram_md5(buffer2, pass, buffer);
result = sasl_cram_md5(buffer2, pass, buffer);
if (result == NULL) return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2);
} break;
case AUTH_CRAMSHA1: {
sasl_cram_sha1(buffer2, pass, buffer);
result = sasl_cram_sha1(buffer2, pass, buffer);
if (result == NULL) return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2);
} break;
case AUTH_CRAMSHA256: {
sasl_cram_sha256(buffer2, pass, buffer);
result = sasl_cram_sha256(buffer2, pass, buffer);
if (result == NULL) return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2);
} break;
}
@ -304,8 +308,8 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha
hydra_report(stderr, "[DEBUG] S: %s\n", buffer);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
if (fooptr == NULL)
result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
if (result == NULL)
return 3;
if (debug)

7
hydra-rtsp.c
View file

@ -116,22 +116,21 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
} else {
if (use_Digest_Auth(lresp) == 1) {
char *dbuf = NULL;
char aux[500] = "";
char aux[500] = "", dbuf[500] = "", *result = NULL;
char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest ");
strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux));
aux[sizeof(aux) - 1] = '\0';
free(lresp);
#ifdef LIBOPENSSL
sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, "");
result = sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, "");
#else
hydra_report(stderr, "[ERROR] Digest auth required but compiled "
"without OpenSSL/MD5 support\n");
return 3;
#endif
if (dbuf == NULL) {
if (result == NULL) {
hydra_report(stderr, "[ERROR] digest generation failed\n");
return 3;
}

5
hydra-sip.c
View file

@ -48,7 +48,7 @@ int32_t get_sip_code(char *buf) {
}
int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE *fp) {
char *login, *pass, *host, buffer[SIP_MAX_BUF];
char *login, *pass, *host, buffer[SIP_MAX_BUF], *result = NULL;
int32_t i;
char buf[SIP_MAX_BUF];
@ -138,7 +138,8 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u
hydra_report(stderr, "[INFO] S: %s\n", buf);
char buffer2[512];
sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL);
result = sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL);
if (result == NULL) return 3;
memset(buffer, 0, SIP_MAX_BUF);
snprintf(buffer, SIP_MAX_BUF,

12
hydra-smtp.c
View file

@ -37,7 +37,7 @@ char *smtp_read_server_capacity(int32_t sock) {
}
int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "";
char *empty = "", *result = NULL;
char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf;
if (strlen(login = hydra_get_next_login()) == 0)
@ -67,7 +67,8 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
free(buf);
memset(buffer, 0, sizeof(buffer));
sasl_plain(buffer, login, pass);
result = sasl_plain(buffer, login, pass);
if (result == NULL) return 3;
char tmp_buffer[sizeof(buffer)];
sprintf(tmp_buffer, "%.250s\r\n", buffer);
@ -102,7 +103,8 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
free(buf);
memset(buffer2, 0, sizeof(buffer2));
sasl_cram_md5(buffer2, pass, buffer);
result = sasl_cram_md5(buffer2, pass, buffer);
if (result == NULL) return 3;
sprintf(buffer, "%s %.250s", preplogin, buffer2);
hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
@ -135,8 +137,8 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
hydra_report(stderr, "DEBUG S: %s\n", buffer);
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL);
if (fooptr == NULL)
result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL);
if (result == NULL)
return 3;
if (debug)

16
hydra-xmpp.c
View file

@ -13,7 +13,7 @@ char *JABBER_CLIENT_INIT_END_STR = "' xmlns='jabber:client' xmlns:stream='http:/
"version='1.0'>";
int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\"";
char *empty = "\"\"", *result = NULL;
char *login, *pass, buffer[500], buffer2[500];
char *AUTH_STR = "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='";
char *AUTH_STR_END = "'/>";
@ -125,7 +125,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
#ifdef LIBOPENSSL
case AUTH_PLAIN: {
memset(buffer2, 0, sizeof(buffer));
sasl_plain(buffer2, login, pass);
result = sasl_plain(buffer2, login, pass);
if (result == NULL) return 3;
sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", buffer);
@ -136,7 +137,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
char *preplogin;
memset(buffer2, 0, sizeof(buffer2));
sasl_cram_md5(buffer2, pass, buffer);
result = sasl_cram_md5(buffer2, pass, buffer);
if (result == NULL) return 3;
rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
@ -156,8 +158,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
case AUTH_DIGESTMD5: {
memset(buffer2, 0, sizeof(buffer2));
fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL);
if (fooptr == NULL) {
result = sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL);
if (result == NULL) {
free(buf);
return 3;
}
@ -217,8 +219,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
memset(buffer2, 0, sizeof(buffer2));
fooptr = buffer2;
sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
if (fooptr == NULL) {
result = sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
if (result == NULL) {
hydra_report(stderr, "[ERROR] Can't compute client response\n");
free(buf);
return 1;

60
sasl.c
View file

@ -68,20 +68,20 @@ sasl_plain computes the plain authentication from strings login and password
and stored the value in variable result
the first parameter result must be able to hold at least 255 bytes!
*/
void sasl_plain(char *result, char *login, char *pass) {
char *sasl_plain(char *result, char *login, char *pass) {
char *preplogin;
char *preppasswd;
int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
if (rc) {
result = NULL;
return;
return result;
}
rc = sasl_saslprep(pass, 0, &preppasswd);
if (rc) {
free(preplogin);
result = NULL;
return;
return result;
}
if (2 * strlen(preplogin) + 3 + strlen(preppasswd) < 180) {
strcpy(result, preplogin);
@ -91,6 +91,7 @@ void sasl_plain(char *result, char *login, char *pass) {
}
free(preplogin);
free(preppasswd);
return result;
}
#ifdef LIBOPENSSL
@ -102,7 +103,7 @@ and the challenge sent by the server, and stored the value in variable
result
the parameter result must be able to hold at least 100 bytes!
*/
void sasl_cram_md5(char *result, char *pass, char *challenge) {
char *sasl_cram_md5(char *result, char *pass, char *challenge) {
char ipad[64];
char opad[64];
unsigned char md5_raw[MD5_DIGEST_LENGTH];
@ -112,12 +113,12 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) {
if (challenge == NULL) {
result = NULL;
return;
return result;
}
rc = sasl_saslprep(pass, 0, &preppasswd);
if (rc) {
result = NULL;
return;
return result;
}
memset(ipad, 0, sizeof(ipad));
memset(opad, 0, sizeof(opad));
@ -148,6 +149,7 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) {
result += 2;
}
free(preppasswd);
return result;
}
/*
@ -156,7 +158,7 @@ and the challenge sent by the server, and stored the value in variable
result
the parameter result must be able to hold at least 100 bytes!
*/
void sasl_cram_sha1(char *result, char *pass, char *challenge) {
char *sasl_cram_sha1(char *result, char *pass, char *challenge) {
char ipad[64];
char opad[64];
unsigned char sha1_raw[SHA_DIGEST_LENGTH];
@ -166,12 +168,12 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) {
if (challenge == NULL) {
result = NULL;
return;
return result;
}
rc = sasl_saslprep(pass, 0, &preppasswd);
if (rc) {
result = NULL;
return;
return result;
}
memset(ipad, 0, sizeof(ipad));
memset(opad, 0, sizeof(opad));
@ -202,6 +204,7 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) {
result += 2;
}
free(preppasswd);
return result;
}
/*
@ -210,7 +213,7 @@ and the challenge sent by the server, and stored the value in variable
result
the parameter result must be able to hold at least 100 bytes!
*/
void sasl_cram_sha256(char *result, char *pass, char *challenge) {
char *sasl_cram_sha256(char *result, char *pass, char *challenge) {
char ipad[64];
char opad[64];
unsigned char sha256_raw[SHA256_DIGEST_LENGTH];
@ -220,14 +223,14 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) {
if (challenge == NULL) {
result = NULL;
return;
return result;
}
memset(ipad, 0, sizeof(ipad));
memset(opad, 0, sizeof(opad));
rc = sasl_saslprep(pass, 0, &preppasswd);
if (rc) {
result = NULL;
return;
return result;
}
if (strlen(preppasswd) >= 64) {
SHA256_Init(&sha256c);
@ -256,13 +259,14 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) {
result += 2;
}
free(preppasswd);
return result;
}
/*
RFC 2831: Using Digest Authentication as a SASL Mechanism
the parameter result must be able to hold at least 500 bytes!!
*/
void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header) {
char *sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header) {
char *pbuffer = NULL;
int32_t array_size = 10;
unsigned char response[MD5_DIGEST_LENGTH];
@ -277,13 +281,13 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
memset(realm, 0, sizeof(realm));
if (rc) {
result = NULL;
return;
return result;
}
rc = sasl_saslprep(pass, 0, &preppasswd);
if (rc) {
free(preplogin);
result = NULL;
return;
return result;
}
// DEBUG S:
// nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess
@ -344,7 +348,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
free(array[j]);
hydra_report(stderr, "Error: DIGEST-MD5 nonce from server could not be extracted\n");
result = NULL;
return;
return result;
}
} else {
strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce="), sizeof(nonce) - 1);
@ -367,7 +371,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
free(array[i]);
hydra_report(stderr, "Error: DIGEST-MD5 realm from server could not be extracted\n");
result = NULL;
return;
return result;
}
} else {
strncpy(realm, strstr(array[i], "realm=") + strlen("realm="), sizeof(realm) - 1);
@ -390,7 +394,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only "
"authentication is not supported by server\n");
result = NULL;
return;
return result;
}
}
if (strstr(array[i], "algorithm=") != NULL) {
@ -410,7 +414,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could "
"not be extracted\n");
result = NULL;
return;
return result;
}
} else {
strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm="), sizeof(algo) - 1);
@ -424,7 +428,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
free(array[j]);
hydra_report(stderr, "Error: DIGEST-MD5 algorithm not based on md5, based on %s\n", algo);
result = NULL;
return;
return result;
}
}
free(array[i]);
@ -575,6 +579,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *
}
free(preplogin);
free(preppasswd);
return result;
}
/*
@ -584,7 +589,7 @@ I want to thx Simon Josefsson for his public server test,
and my girlfriend that let me work on that 2 whole nights ;)
clientfirstmessagebare must be at least 500 bytes in size!
*/
void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) {
char *sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) {
int32_t saltlen = 0;
int32_t iter = 4096;
char *salt, *nonce, *ic;
@ -603,7 +608,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
if (rc) {
result = NULL;
return;
return result;
}
/*client-final-message */
@ -614,7 +619,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
hydra_report(stderr, "Error: Can't understand server message\n");
free(preppasswd);
result = NULL;
return;
return result;
}
strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1);
buffer[sizeof(buffer) - 1] = '\0';
@ -627,7 +632,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
hydra_report(stderr, "Error: Can't understand server response\n");
free(preppasswd);
result = NULL;
return;
return result;
}
if ((nonce != NULL) && (strlen(nonce) > 2))
snprintf(clientfinalmessagewithoutproof, sizeof(clientfinalmessagewithoutproof), "c=biws,%s", nonce);
@ -635,7 +640,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
hydra_report(stderr, "Error: Could not identify server nonce value\n");
free(preppasswd);
result = NULL;
return;
return result;
}
if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer)))
// s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s=
@ -644,7 +649,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
hydra_report(stderr, "Error: Could not identify server salt value\n");
free(preppasswd);
result = NULL;
return;
return result;
}
/* SaltedPassword := Hi(Normalize(password), salt, i) */
@ -653,7 +658,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
hydra_report(stderr, "Error: Failed to generate PBKDF2\n");
free(preppasswd);
result = NULL;
return;
return result;
}
/* ClientKey := HMAC(SaltedPassword, "Client Key") */
@ -674,5 +679,6 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha
if (debug)
hydra_report(stderr, "DEBUG C: %s\n", result);
free(preppasswd);
return result;
}
#endif

12
sasl.h
View file

@ -32,7 +32,7 @@ typedef enum { SASL_ALLOW_UNASSIGNED = 1 } sasl_saslprep_flags;
int32_t print_hex(unsigned char *buf, int32_t len);
void sasl_plain(char *result, char *login, char *pass);
char* sasl_plain(char *result, char *login, char *pass);
int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out);
#ifdef LIBOPENSSL
@ -40,9 +40,9 @@ int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out);
#include <openssl/md5.h>
#include <openssl/sha.h>
void sasl_cram_md5(char *result, char *pass, char *challenge);
void sasl_cram_sha1(char *result, char *pass, char *challenge);
void sasl_cram_sha256(char *result, char *pass, char *challenge);
void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header);
void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage);
char* sasl_cram_md5(char *result, char *pass, char *challenge);
char* sasl_cram_sha1(char *result, char *pass, char *challenge);
char* sasl_cram_sha256(char *result, char *pass, char *challenge);
char* sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header);
char* sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage);
#endif