NTLM Auth type3flags set after array is copied (#132)

Signed-off-by: jmehrens jason_mehrens@hotmail.com
eclipse-ee4j · Feb 16, 2024 · 57bf854 · 57bf854
1 parent 9cd659c
commit 57bf854
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 27 deletions.
diff --git a/core/src/main/java/org/eclipse/angus/mail/auth/Ntlm.java b/core/src/main/java/org/eclipse/angus/mail/auth/Ntlm.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2023 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2024 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -54,14 +54,14 @@ public class Ntlm {
     private SecretKeyFactory fac;
     private Cipher cipher;
     private MD4 md4;
-    private String hostname;
-    private String ntdomain;
-    private String username;
-    private String password;
+    private final String hostname;
+    private final String ntdomain;
+    private final String username;
+    private final String password;
 
     private Mac hmac;
 
-    private MailLogger logger;
+    private final MailLogger logger;
 
     // NTLM flags, as defined in Microsoft NTLM spec
     // https://msdn.microsoft.com/en-us/library/cc236621.aspx
@@ -105,7 +105,7 @@ private void init0() {
             cipher = Cipher.getInstance("DES/ECB/NoPadding");
             md4 = new MD4();
         } catch (NoSuchPaddingException | NoSuchAlgorithmException e) {
-            assert false;
+            assert false : e;
         }
     }
 
@@ -149,7 +149,7 @@ private void copybytes(byte[] dest, int destpos, String src, String enc) {
             byte[] x = src.getBytes(enc);
             System.arraycopy(x, 0, dest, destpos, x.length);
         } catch (UnsupportedEncodingException e) {
-            assert false;
+            assert false : e;
         }
     }
 
@@ -189,8 +189,8 @@ public String generateType1Msg(int flags, boolean v2) {
         if (logger.isLoggable(Level.FINE))
             logger.fine("type 1 message: " + toHex(msg));
 
-        String result = null;
-        result = new String(Base64.getEncoder().encode(msg), StandardCharsets.ISO_8859_1);
+        String result = new String(Base64.getEncoder().encode(msg),
+                StandardCharsets.ISO_8859_1);
         return result;
     }
 
@@ -223,7 +223,7 @@ private byte[] hmacMD5(byte[] key, byte[] text) {
             if (hmac == null)
                 hmac = Mac.getInstance("HmacMD5");
         } catch (NoSuchAlgorithmException ex) {
-            throw new AssertionError();
+            throw new AssertionError(ex);
         }
         try {
             byte[] nk = new byte[16];
@@ -232,15 +232,15 @@ private byte[] hmacMD5(byte[] key, byte[] text) {
             hmac.init(skey);
             return hmac.doFinal(text);
         } catch (InvalidKeyException | RuntimeException ex) {
-            assert false;
+            assert false : ex;
         }
         return null;
     }
 
     private byte[] calcLMHash() throws GeneralSecurityException {
         byte[] magic = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
-        byte[] pwb = null;
-        pwb = password.toUpperCase(Locale.ENGLISH).getBytes(StandardCharsets.ISO_8859_1);
+        byte[] pwb = password.toUpperCase(Locale.ENGLISH).getBytes(
+                StandardCharsets.ISO_8859_1);
         byte[] pwb1 = new byte[14];
         int len = password.length();
         if (len > 14)
@@ -268,7 +268,7 @@ private byte[] calcNTHash() throws GeneralSecurityException {
         try {
             pw = password.getBytes("UnicodeLittleUnmarked");
         } catch (UnsupportedEncodingException e) {
-            assert false;
+            assert false : e;
         }
         byte[] out = md4.digest(pw);
         byte[] result = new byte[21];
@@ -315,7 +315,7 @@ private byte[] calcV2Response(byte[] nthash, byte[] blob, byte[] challenge)
                     getBytes("UnicodeLittleUnmarked");
         } catch (UnsupportedEncodingException ex) {
             // should never happen
-            assert false;
+            assert false : ex;
         }
         byte[] ntlmv2hash = hmacMD5(nthash, txt);
         byte[] cb = new byte[blob.length + 8];
@@ -332,8 +332,8 @@ public String generateType3Msg(String type2msg) {
 
             /* First decode the type2 message to get the server challenge */
             /* challenge is located at type2[24] for 8 bytes */
-            byte[] type2 = null;
-            type2 = Base64.getDecoder().decode(type2msg.getBytes(StandardCharsets.US_ASCII));
+            byte[] type2 = Base64.getDecoder().decode(
+                    type2msg.getBytes(StandardCharsets.US_ASCII));
             if (logger.isLoggable(Level.FINE))
                 logger.fine("type 2 message: " + toHex(type2));
 
@@ -366,10 +366,9 @@ public String generateType3Msg(String type2msg) {
             writeInt(type3, 48, l);
             l += hlen;
 
-            byte[] msg = null;
-            byte[] lmresponse = null;
-            byte[] ntresponse = null;
             int flags = readInt(type2, 20);
+            byte[] lmresponse;
+            byte[] ntresponse;
 
             // did the server agree to NTLMv2?
             if ((flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) != 0) {
@@ -420,17 +419,16 @@ public String generateType3Msg(String type2msg) {
             writeInt(type3, 24, l);
             l += ntresponse.length;
             writeShort(type3, 56, l);
+            writeInt(type3, 60, type3flags);
 
-            msg = new byte[l];
+            byte[] msg = new byte[l];
             System.arraycopy(type3, 0, msg, 0, l);
 
-            writeInt(type3, 60, type3flags);
-
             if (logger.isLoggable(Level.FINE))
                 logger.fine("type 3 message: " + toHex(msg));
 
-            String result = null;
-            result = new String(Base64.getEncoder().encode(msg), StandardCharsets.ISO_8859_1);
+            String result = new String(Base64.getEncoder().encode(msg),
+                    StandardCharsets.ISO_8859_1);
             return result;
 
         } catch (GeneralSecurityException ex) {
@@ -464,7 +462,7 @@ private void writeInt(byte[] b, int off, int data) {
         b[off + 3] = (byte) ((data >> 24) & 0xff);
     }
 
-    private static char[] hex =
+    private static final char[] hex =
             {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
 
     private static String toHex(byte[] b) {

diff --git a/doc/src/main/resources/docs/CHANGES.txt b/doc/src/main/resources/docs/CHANGES.txt
@@ -18,6 +18,7 @@ The following bugs have been fixed in the 2.0.3 release.
 116: MailHandler LogManger support for mail entries
 123: MailHandler should catch ServiceConfigurationError
 124: Illegal reflective access by com.sun.mail.util.SocketFetcher
+132: NTLM Auth type3flags set after array is copied
 
           CHANGES IN THE 2.0.2 RELEASE
           ----------------------------