From 5b6fc88428102ca5aa68f15660c747d07cc944f9 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 17 Feb 2020 10:39:17 +0100 Subject: [PATCH] fixed crash in rtsp module
---
CHANGES | 1 + hydra-http-proxy-urlenum.c | 6 ++-- hydra-http-proxy.c | 6 ++-- hydra-http.c | 6 ++-- hydra-imap.c | 22 ++++++++------ hydra-ldap.c | 10 +++---- hydra-nntp.c | 12 ++++---- hydra-pop3.c | 18 +++++++----- hydra-rtsp.c | 7 ++--- hydra-sip.c | 5 ++-- hydra-smtp.c | 12 ++++---- hydra-xmpp.c | 16 +++++----- sasl.c | 60 +++++++++++++++++++++----------------- sasl.h | 12 ++++---- 14 files changed, 107 insertions(+), 86 deletions(-)
diff --git a/CHANGES b/CHANGES
index 3979a1d..9b7c11f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,7 @@ Changelog for hydra Release 9.1-dev * new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) +* rtsp: fixed crash in MD5 auth * svn: updated to support past and new API * http module now supports F=/S= string matching conditions (thanks to poucz@github) * changed mysql module not to use mysql db as a default. if the user has not access to this db auth fails ...
diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c
index 2f00ae5..434b4e4 100644
--- a/hydra-http-proxy-urlenum.c
+++ b/hydra-http-proxy-urlenum.c
@@ -170,7 +170,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha } else { #ifdef LIBOPENSSL if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) { - char *pbuffer; + char *pbuffer, *result; http_proxy_auth_mechanism = AUTH_DIGESTMD5; pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest ");
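Review bot: In hydra-http-proxy-urlenum.c the guard tests for `"Proxy-Authenticate: Digest"`, but the lookup that fills `pbuffer` searches for the same string with a trailing space, so a response carrying the header without that space leaves `pbuffer` NULL. The line that consumes `pbuffer` lies between this hunk and the next one, so this is inferred from the `strncpy(buffer, pbuffer + strlen(...), ...)` visible in the hydra-http.c hunk; a check such as `if (pbuffer == NULL) return 3;` right after the lookup (plus whatever cleanup the function needs at that point) would cover it. The same unchecked lookup appears in the hydra-http-proxy.c, hydra-http.c and hydra-rtsp.c hunks, and hydra-sip.c passes `strstr(buf, "WWW-Authenticate: Digest") + strlen(...) + 1` straight into sasl_digest_md5. The response text comes from the remote server, so the code should not assume the expected header is present.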
@@ -178,8 +178,8 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha buffer[sizeof(buffer) - 1] = '\0'; pbuffer = buffer2; - sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header); - if (pbuffer == NULL) + result = sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header); + if (result == NULL) return 3; if (debug)
diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c
index 0e07d9b..fa5638c 100644
--- a/hydra-http-proxy.c
+++ b/hydra-http-proxy.c
@@ -179,7 +179,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } else { #ifdef LIBOPENSSL if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) { - char *pbuffer; + char *pbuffer, *result; http_proxy_auth_mechanism = AUTH_DIGESTMD5; pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest ");
@@ -188,8 +188,8 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option pbuffer = NULL; fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header); - if (fooptr == NULL) + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header); + if (result == NULL) return 3; if (debug)
diff --git a/hydra-http.c b/hydra-http.c
index a1868bf..a269e71 100644
--- a/hydra-http.c
+++ b/hydra-http.c
@@ -76,15 +76,15 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha #ifdef LIBOPENSSL case AUTH_DIGESTMD5: { - char *pbuffer; + char *pbuffer, *result; pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest "); strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1); buffer[buffer_size - 1] = '\0'; fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); - if (fooptr == NULL) { + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); + if (result == NULL) { free(buffer); free(header); return 3;
diff --git a/hydra-imap.c b/hydra-imap.c
index b93fc6e..20d1ea1 100644
--- a/hydra-imap.c
+++ b/hydra-imap.c
@@ -41,7 +41,7 @@ char *imap_read_server_capacity(int32_t sock) { } int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { - char *empty = ""; + char *empty = "", *result = NULL; char *login, *pass, buffer[500], buffer2[500], *fooptr; if (strlen(login = hydra_get_next_login()) == 0)
@@ -104,7 +104,8 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); memset(buffer2, 0, sizeof(buffer2)); - sasl_plain(buffer2, login, pass); + result = sasl_plain(buffer2, login, pass); + if (result == NULL) return 3; sprintf(buffer, "%.250s\r\n", buffer2); break;
@@ -161,15 +162,18 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha switch (imap_auth_mechanism) { case AUTH_CRAMMD5: { - sasl_cram_md5(buffer2, pass, buffer); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA1: { - sasl_cram_sha1(buffer2, pass, buffer); + result = sasl_cram_sha1(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA256: { - sasl_cram_sha256(buffer2, pass, buffer); + result = sasl_cram_sha256(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; }
@@ -202,8 +206,8 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha hydra_report(stderr, "DEBUG S: %s\n", buffer); fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); - if (fooptr == NULL) + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); + if (result == NULL) return 3; if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer2);
@@ -262,8 +266,8 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha memset(buffer2, 0, sizeof(buffer2)); fooptr = buffer2; - sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); - if (fooptr == NULL) { + result = sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); + if (result == NULL) { hydra_report(stderr, "[ERROR] Can't compute client response\n"); return 1; }
diff --git a/hydra-ldap.c b/hydra-ldap.c
index 4f79365..9e6f9cd 100644
--- a/hydra-ldap.c
+++ b/hydra-ldap.c
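Review bot: The new `if (result == NULL) return 3;` lines in the three CRAM cases of start_imap return while `preplogin` is still in use (it is formatted into `buffer` on the very next line). If `preplogin` was allocated by sasl_saslprep earlier in the function, which is outside this hunk, each of these early returns leaks it; `if (result == NULL) { free(preplogin); return 3; }` would avoid that. The CRAM hunks in hydra-nntp.c, hydra-pop3.c and hydra-smtp.c have the same shape. Bracing the body would also match the multi-line form used for the DIGEST-MD5 check in the same file.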
@@ -8,7 +8,7 @@ int32_t counter; int32_t tls_required = 0; int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char version, int32_t auth_method) { - char *empty = ""; + char *empty = "", *result = NULL; char *login = "", *pass, *fooptr = ""; unsigned char buffer[512]; int32_t length = 0;
@@ -123,8 +123,8 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha ptr = strstr((char *)buf, "<"); fooptr = buf2; - sasl_cram_md5(fooptr, pass, ptr); - if (fooptr == NULL) + result = sasl_cram_md5(fooptr, pass, ptr); + if (result == NULL) return 1; counter++; if (strstr(miscptr, "^USER^") != NULL) {
@@ -180,8 +180,8 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha } fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL); - if (fooptr == NULL) { + result = sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL); + if (result == NULL) { free(buf); return 3; }
diff --git a/hydra-nntp.c b/hydra-nntp.c
index c3622c2..c06a7ac 100644
--- a/hydra-nntp.c
+++ b/hydra-nntp.c
@@ -48,7 +48,7 @@ char *nntp_read_server_capacity(int32_t sock) { } int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { - char *empty = "\"\""; + char *empty = "\"\"", *result = NULL; char *login, *pass, buffer[500], buffer2[500], *fooptr; int32_t i = 1;
@@ -112,7 +112,8 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); + result = sasl_plain(buffer, login, pass); + if (result == NULL) return 3; char tmp_buffer[sizeof(buffer)]; sprintf(tmp_buffer, "%.250s\r\n", buffer);
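Review bot: In start_ldap's CRAM-MD5 path the failure check returns 1 without releasing `buf`, although `buf` is still live there (it was just scanned with `strstr((char *)buf, "<")`), while the DIGEST-MD5 path in the same function does `free(buf); return 3;`. With this commit the check can actually fire, for example when `strstr` finds no `<` and sasl_cram_md5 receives a NULL challenge, so the leak becomes reachable, assuming `buf` is heap-allocated here as it is in the DIGEST-MD5 path. Suggest `if (result == NULL) { free(buf); return 3; }`, or keep `return 1` if that code is intentional; the meaning of the return codes is not visible in the hunk.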
@@ -147,7 +148,8 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
@@ -178,8 +180,8 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha if (debug) hydra_report(stderr, "DEBUG S: %s\n", buffer); fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); - if (fooptr == NULL) + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); + if (result == NULL) return 3; if (debug)
diff --git a/hydra-pop3.c b/hydra-pop3.c
index 78f29bc..2b453c1 100644
--- a/hydra-pop3.c
+++ b/hydra-pop3.c
@@ -118,7 +118,7 @@ char *pop3_read_server_capacity(int32_t sock) { } int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { - char *empty = "\"\""; + char *empty = "\"\"", *result = NULL; char *login, *pass, buffer[500], buffer2[500], *fooptr; if (strlen(login = hydra_get_next_login()) == 0)
@@ -202,7 +202,8 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); + result = sasl_plain(buffer, login, pass); + if (result == NULL) return 3; char tmp_buffer[sizeof(buffer)]; sprintf(tmp_buffer, "%.250s\r\n", buffer);
@@ -263,15 +264,18 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha switch (p->pop3_auth_mechanism) { case AUTH_CRAMMD5: { - sasl_cram_md5(buffer2, pass, buffer); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA1: { - sasl_cram_sha1(buffer2, pass, buffer); + result = sasl_cram_sha1(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; case AUTH_CRAMSHA256: { - sasl_cram_sha256(buffer2, pass, buffer); + result = sasl_cram_sha256(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); } break; }
@@ -304,8 +308,8 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha hydra_report(stderr, "[DEBUG] S: %s\n", buffer); fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); - if (fooptr == NULL) + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); + if (result == NULL) return 3; if (debug)
diff --git a/hydra-rtsp.c b/hydra-rtsp.c
index 5eb4166..1bc6f4d 100644
--- a/hydra-rtsp.c
+++ b/hydra-rtsp.c
@@ -116,22 +116,21 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha } } else { if (use_Digest_Auth(lresp) == 1) { - char *dbuf = NULL; - char aux[500] = ""; + char aux[500] = "", dbuf[500] = "", *result = NULL; char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux)); aux[sizeof(aux) - 1] = '\0'; free(lresp); #ifdef LIBOPENSSL - sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); + result = sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); #else hydra_report(stderr, "[ERROR] Digest auth required but compiled " "without OpenSSL/MD5 support\n"); return 3; #endif - if (dbuf == NULL) { + if (result == NULL) { hydra_report(stderr, "[ERROR] digest generation failed\n"); return 3; }
diff --git a/hydra-sip.c b/hydra-sip.c
index eab654e..954d03c 100644
--- a/hydra-sip.c
+++ b/hydra-sip.c
@@ -48,7 +48,7 @@ int32_t get_sip_code(char *buf) { } int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE *fp) { - char *login, *pass, *host, buffer[SIP_MAX_BUF]; + char *login, *pass, *host, buffer[SIP_MAX_BUF], *result = NULL; int32_t i; char buf[SIP_MAX_BUF];
@@ -138,7 +138,8 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u hydra_report(stderr, "[INFO] S: %s\n", buf); char buffer2[512]; - sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL); + result = sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL); + if (result == NULL) return 3; memset(buffer, 0, SIP_MAX_BUF); snprintf(buffer, SIP_MAX_BUF,
diff --git a/hydra-smtp.c b/hydra-smtp.c
index 97b2bab..f6f1ac2 100644
--- a/hydra-smtp.c
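Review bot: `dbuf[500]` in start_rtsp is exactly the minimum that the comment above sasl_digest_md5 in sasl.c demands ("the parameter result must be able to hold at least 500 bytes"), and nothing ties the two numbers together. A short comment on the declaration, e.g. `/* sasl_digest_md5() needs >= 500 bytes for result */`, or a shared size constant, would keep a later edit from undersizing the buffer. Also, `result` is only assigned inside `#ifdef LIBOPENSSL`; the `#else` branch returns before the NULL test, so the logic is correct, but the variable and `dbuf` are unused in that build.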
+++ b/hydra-smtp.c
@@ -37,7 +37,7 @@ char *smtp_read_server_capacity(int32_t sock) { } int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { - char *empty = ""; + char *empty = "", *result = NULL; char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf; if (strlen(login = hydra_get_next_login()) == 0)
@@ -67,7 +67,8 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); + result = sasl_plain(buffer, login, pass); + if (result == NULL) return 3; char tmp_buffer[sizeof(buffer)]; sprintf(tmp_buffer, "%.250s\r\n", buffer);
@@ -102,7 +103,8 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha free(buf); memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) return 3; sprintf(buffer, "%s %.250s", preplogin, buffer2); hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
@@ -135,8 +137,8 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha hydra_report(stderr, "DEBUG S: %s\n", buffer); fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); - if (fooptr == NULL) + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); + if (result == NULL) return 3; if (debug)
diff --git a/hydra-xmpp.c b/hydra-xmpp.c
index aa4ea2f..dd7c2f9 100644
--- a/hydra-xmpp.c
+++ b/hydra-xmpp.c
@@ -13,7 +13,7 @@ char *JABBER_CLIENT_INIT_END_STR = "' xmlns='jabber:client' xmlns:stream='http:/ "version='1.0'>"; int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { - char *empty = "\"\""; + char *empty = "\"\"", *result = NULL; char *login, *pass, buffer[500], buffer2[500]; char *AUTH_STR = "";
@@ -125,7 +125,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha #ifdef LIBOPENSSL case AUTH_PLAIN: { memset(buffer2, 0, sizeof(buffer)); - sasl_plain(buffer2, login, pass); + result = sasl_plain(buffer2, login, pass); + if (result == NULL) return 3; sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer);
@@ -136,7 +137,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha char *preplogin; memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) return 3; rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) {
@@ -156,8 +158,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha case AUTH_DIGESTMD5: { memset(buffer2, 0, sizeof(buffer2)); fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); - if (fooptr == NULL) { + result = sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); + if (result == NULL) { free(buf); return 3; }
@@ -217,8 +219,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha memset(buffer2, 0, sizeof(buffer2)); fooptr = buffer2; - sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); - if (fooptr == NULL) { + result = sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); + if (result == NULL) { hydra_report(stderr, "[ERROR] Can't compute client response\n"); free(buf); return 1;
diff --git a/sasl.c b/sasl.c
index 7470743..1a421b1 100644
--- a/sasl.c
+++ b/sasl.c
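Review bot: The new early returns in the AUTH_PLAIN and AUTH_CRAMMD5 cases of start_xmpp do `return 3` directly, while the DIGEST-MD5 and SCRAM-SHA1 cases of the same function call `free(buf)` before returning. If `buf` is already allocated when these cases run (its allocation is outside the hunks), the two new returns leak it; `if (result == NULL) { free(buf); return 3; }` would match the sibling cases. Separately, the context line `memset(buffer2, 0, sizeof(buffer));` sizes the clear by the wrong array; both are declared as 500 bytes so it is harmless today, but `sizeof(buffer2)` is what is meant.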
@@ -68,20 +68,20 @@ sasl_plain computes the plain authentication from strings login and password and stored the value in variable result the first parameter result must be able to hold at least 255 bytes! */ -void sasl_plain(char *result, char *login, char *pass) { +char *sasl_plain(char *result, char *login, char *pass) { char *preplogin; char *preppasswd; int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { result = NULL; - return; + return result; } rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { free(preplogin); result = NULL; - return; + return result; } if (2 * strlen(preplogin) + 3 + strlen(preppasswd) < 180) { strcpy(result, preplogin);
@@ -91,6 +91,7 @@ void sasl_plain(char *result, char *login, char *pass) { } free(preplogin); free(preppasswd); + return result; } #ifdef LIBOPENSSL
@@ -102,7 +103,7 @@ and the challenge sent by the server, and stored the value in variable result the parameter result must be able to hold at least 100 bytes! */ -void sasl_cram_md5(char *result, char *pass, char *challenge) { +char *sasl_cram_md5(char *result, char *pass, char *challenge) { char ipad[64]; char opad[64]; unsigned char md5_raw[MD5_DIGEST_LENGTH];
@@ -112,12 +113,12 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) { if (challenge == NULL) { result = NULL; - return; + return result; } rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; - return; + return result; } memset(ipad, 0, sizeof(ipad)); memset(opad, 0, sizeof(opad));
@@ -148,6 +149,7 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) { result += 2; } free(preppasswd); + return result; } /*
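Review bot: sasl_plain's new `return result;` at the end of the function reports success even when the length test `2 * strlen(preplogin) + 3 + strlen(preppasswd) < 180` fails, because that branch is the only place `result` is visibly written and no failure return for the other case appears in the two hunks (the lines between them are not shown). Callers now treat any non-NULL return as success and go on to send the buffer. Returning NULL for the over-length case, for example by keeping a `char *ret = NULL;` that is set to `result` only inside the `if`, would make the new return value meaningful. The `result = NULL; return result;` pairs can also be written as `return NULL;`, since assigning to the parameter never reached the caller.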
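Review bot: In sasl_cram_md5 the added `return result;` follows a block that ends with `result += 2; }`, presumably the hex-encoding loop, so the function returns a pointer advanced past the digest rather than the caller's buffer. The callers in this commit only compare the return value with NULL, so nothing breaks yet, but anyone who uses the returned pointer as the digest string would read from the terminator onward. Keep the start, `char *start = result;` before the loop and `return start;`, or document that the return value is only a success flag. sasl_cram_sha1 and sasl_cram_sha256 in the following hunks have the same `result += 2;` context and the same return.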
@@ -156,7 +158,7 @@ and the challenge sent by the server, and stored the value in variable result the parameter result must be able to hold at least 100 bytes! */ -void sasl_cram_sha1(char *result, char *pass, char *challenge) { +char *sasl_cram_sha1(char *result, char *pass, char *challenge) { char ipad[64]; char opad[64]; unsigned char sha1_raw[SHA_DIGEST_LENGTH];
@@ -166,12 +168,12 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) { if (challenge == NULL) { result = NULL; - return; + return result; } rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; - return; + return result; } memset(ipad, 0, sizeof(ipad)); memset(opad, 0, sizeof(opad));
@@ -202,6 +204,7 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) { result += 2; } free(preppasswd); + return result; } /*
@@ -210,7 +213,7 @@ and the challenge sent by the server, and stored the value in variable result the parameter result must be able to hold at least 100 bytes! */ -void sasl_cram_sha256(char *result, char *pass, char *challenge) { +char *sasl_cram_sha256(char *result, char *pass, char *challenge) { char ipad[64]; char opad[64]; unsigned char sha256_raw[SHA256_DIGEST_LENGTH];
@@ -220,14 +223,14 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) { if (challenge == NULL) { result = NULL; - return; + return result; } memset(ipad, 0, sizeof(ipad)); memset(opad, 0, sizeof(opad)); rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; - return; + return result; } if (strlen(preppasswd) >= 64) { SHA256_Init(&sha256c);
@@ -256,13 +259,14 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) { result += 2; } free(preppasswd); + return result; } /* RFC 2831: Using Digest Authentication as a SASL Mechanism the parameter result must be able to hold at least 500 bytes!! */ -void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header) { +char *sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header) { char *pbuffer = NULL; int32_t array_size = 10; unsigned char response[MD5_DIGEST_LENGTH];
@@ -277,13 +281,13 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * memset(realm, 0, sizeof(realm)); if (rc) { result = NULL; - return; + return result; } rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { free(preplogin); result = NULL; - return; + return result; } // DEBUG S: // nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess
@@ -344,7 +348,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * free(array[j]); hydra_report(stderr, "Error: DIGEST-MD5 nonce from server could not be extracted\n"); result = NULL; - return; + return result; } } else { strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce="), sizeof(nonce) - 1);
@@ -367,7 +371,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * free(array[i]); hydra_report(stderr, "Error: DIGEST-MD5 realm from server could not be extracted\n"); result = NULL; - return; + return result; } } else { strncpy(realm, strstr(array[i], "realm=") + strlen("realm="), sizeof(realm) - 1);
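Review bot: On the parse-failure returns in sasl_digest_md5 (the nonce and realm branches here, and the qop and algorithm branches in the following hunks) only the `array[]` entries are visibly freed before `return result;`. `preplogin` and `preppasswd` are heap strings from sasl_saslprep, as the `free(preplogin)` on the second saslprep failure and the two frees at the end of the function show, so unless they are released in lines outside these hunks each failed parse leaks both. Adding `free(preplogin); free(preppasswd);` before these returns, or routing them through a single cleanup label, would close that. These branches are selected by the server's challenge text, so a server that keeps sending malformed challenges reaches them on every attempt.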
@@ -390,7 +394,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only " "authentication is not supported by server\n"); result = NULL; - return; + return result; } } if (strstr(array[i], "algorithm=") != NULL) {
@@ -410,7 +414,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could " "not be extracted\n"); result = NULL; - return; + return result; } } else { strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm="), sizeof(algo) - 1);
@@ -424,7 +428,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * free(array[j]); hydra_report(stderr, "Error: DIGEST-MD5 algorithm not based on md5, based on %s\n", algo); result = NULL; - return; + return result; } } free(array[i]);
@@ -575,6 +579,7 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * } free(preplogin); free(preppasswd); + return result; } /*
@@ -584,7 +589,7 @@ I want to thx Simon Josefsson for his public server test, and my girlfriend that let me work on that 2 whole nights ;) clientfirstmessagebare must be at least 500 bytes in size! */ -void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) { +char *sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) { int32_t saltlen = 0; int32_t iter = 4096; char *salt, *nonce, *ic;
@@ -603,7 +608,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha if (rc) { result = NULL; - return; + return result; } /*client-final-message */
@@ -614,7 +619,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha hydra_report(stderr, "Error: Can't understand server message\n"); free(preppasswd); result = NULL; - return; + return result; } strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1); buffer[sizeof(buffer) - 1] = '\0';
@@ -627,7 +632,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha hydra_report(stderr, "Error: Can't understand server response\n"); free(preppasswd); result = NULL; - return; + return result; } if ((nonce != NULL) && (strlen(nonce) > 2)) snprintf(clientfinalmessagewithoutproof, sizeof(clientfinalmessagewithoutproof), "c=biws,%s", nonce);
@@ -635,7 +640,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha hydra_report(stderr, "Error: Could not identify server nonce value\n"); free(preppasswd); result = NULL; - return; + return result; } if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer))) // s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s=
@@ -644,7 +649,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha hydra_report(stderr, "Error: Could not identify server salt value\n"); free(preppasswd); result = NULL; - return; + return result; } /* SaltedPassword := Hi(Normalize(password), salt, i) */
@@ -653,7 +658,7 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha hydra_report(stderr, "Error: Failed to generate PBKDF2\n"); free(preppasswd); result = NULL; - return; + return result; } /* ClientKey := HMAC(SaltedPassword, "Client Key") */
@@ -674,5 +679,6 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha if (debug) hydra_report(stderr, "DEBUG C: %s\n", result); free(preppasswd); + return result; } #endif
diff --git a/sasl.h b/sasl.h
index 01da091..e42299f 100644
--- a/sasl.h
+++ b/sasl.h
@@ -32,7 +32,7 @@ typedef enum { SASL_ALLOW_UNASSIGNED = 1 } sasl_saslprep_flags; int32_t print_hex(unsigned char *buf, int32_t len); -void sasl_plain(char *result, char *login, char *pass); +char* sasl_plain(char *result, char *login, char *pass); int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); #ifdef LIBOPENSSL
@@ -40,9 +40,9 @@ int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); #include #include -void sasl_cram_md5(char *result, char *pass, char *challenge); -void sasl_cram_sha1(char *result, char *pass, char *challenge); -void sasl_cram_sha256(char *result, char *pass, char *challenge); -void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header); -void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage); +char* sasl_cram_md5(char *result, char *pass, char *challenge); +char* sasl_cram_sha1(char *result, char *pass, char *challenge); +char* sasl_cram_sha256(char *result, char *pass, char *challenge); +char* sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header); +char* sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage); #endif
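Review bot: The prototypes in sasl.h now return a pointer, but nothing states what the value means. A comment above the declarations, e.g. `/* Each sasl_* function writes into result and returns NULL on failure, non-NULL on success; the returned pointer is not guaranteed to be the start of result. */`, would tell callers to test the return value rather than their own buffer pointer, which is the mistake this commit corrects in the modules. The declarations are also written `char* name` here and `char *name` in sasl.c; the latter matches the rest of the file.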