ntlm: provide a fixed fake host name

The NTLM protocol includes providing the local host name, but apparently
other implementations already provide a fixed fake name instead to avoid
leaking the real local name.

The exact name used is 'WORKSTATION', because Firefox uses that.

The change is written to allow someone to "back-pedal" fairly easily in
case of need.

Reported-by: Carlo Alberto
Fixes #8859
Closes #8889
Daniel Stenberg 2022-05-20 16:23:21 +02:00
parent c92c650413
commit 709ae2454f
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

@ -62,6 +62,10 @@
/* "NTLMSSP" signature is always in ASCII regardless of the platform */
#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50"
/* The fixed host name we provide, in order to not leak our real local host
name. Copy the name used by Firefox. */
#define NTLM_HOSTNAME "WORKSTATION"
#if DEBUG_ME
# define DEBUG_OUT(x) x
static void ntlm_print_flags(FILE *handle, unsigned long flags)
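Review bot: the comment above `#define NTLM_HOSTNAME "WORKSTATION"` explains why the name is fixed but not how to go back to the real one. The commit message says the change is meant to be easy to back out, so the comment should state that removing this define re-enables the Curl_gethostname() path guarded by `#ifndef NTLM_HOSTNAME` further down in the file.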
@ -521,6 +525,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
userlen = strlen(user);
#ifndef NTLM_HOSTNAME
/* Get the machine's un-qualified host name as NTLM doesn't like the fully
qualified domain name */
if(Curl_gethostname(host, sizeof(host))) {
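Review bot: with NTLM_HOSTNAME defined unconditionally near the top of the file, the Curl_gethostname() branch under `#ifndef NTLM_HOSTNAME` is never compiled, so it can stop building without anyone noticing. A short comment on the `#ifndef` marking it as the retained fallback, or a build job that compiles this file with the define removed, would keep that fallback usable.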
@ -530,6 +535,9 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
else {
hostlen = strlen(host);
}
#else
hostlen = sizeof(NTLM_HOSTNAME)-1;
#endif
if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
unsigned char ntbuffer[0x18];
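Review bot: the `#else` branch sets only `hostlen = sizeof(NTLM_HOSTNAME)-1;` and nothing in these lines writes the string into `host`, whereas the `#ifndef` branch fills `host` through `Curl_gethostname(host, sizeof(host))`. If the code after `#endif` still reads `hostlen` bytes from `host`, the type-3 message will carry whatever that buffer happens to hold rather than "WORKSTATION". Copy NTLM_HOSTNAME into `host` in this branch, or have the later code use the constant directly.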