Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-124525

NTLM: gracefully handle null terminator in Target Name

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • Not Evaluated
    • None
    • 6.7.0
    • Network
    • None

    Description

      I've ran into a bug when I tried to authenticate to a WinGate proxy server with NTLM authentication.

      The server sends the domain name (Target Name) in the challenge with the null terminator included. This is not permitted according to the documentation (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/94a16bb6-c610-4cb9-8db6-26f15f560061).

      Qt works correctly when it assumes that the string doesn't contain the null terminator when it converts it to QString for further usage.

      However, to make it more resilient and to be able to authenticate with WinGate (and who knows what other servers have this issues), we can truncate the string at the null terminator.

      I've attached a patch with the fix. I've renamed the function because it's only used for Target Name and because of this logic, it should not be used for other Unicode conversions. (Null characters are valid in a Unicode string, but not in a domain name).

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            manordheim MÃ¥rten Nordheim
            tomikaa87 Tamas Karpati
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes