fixes bug 230351 "NTLM base64 decoder should tolerate extra '=' padding" r=cneberg

extensions/negotiateauth/nsHttpNegotiateAuth.cpp

@@ -230,6 +230,10 @@ nsHttpNegotiateAuth::GenerateCredentials(nsIHttpChannel *httpChannel,
         if (!inToken)
             return (NS_ERROR_OUT_OF_MEMORY);
 
+        // strip off any padding (see bug 230351)
+        while (challenge[len - 1] == '=')
+            len--;
+
         //
         // Decode the response that followed the "Negotiate" token
         //

mailnews/base/util/nsMsgProtocol.cpp

@@ -892,14 +892,20 @@ nsresult nsMsgProtocol::DoNtlmStep2(nsCString &commandResponse, nsCString &respo
     nsresult rv;
     void *inBuf, *outBuf;
     PRUint32 inBufLen, outBufLen;
+    PRUint32 len = commandResponse.Length();
 
     // decode into the input secbuffer
-    inBufLen = (commandResponse.Length() * 3)/4;      // sufficient size (see plbase64.h)
+    inBufLen = (len * 3)/4;      // sufficient size (see plbase64.h)
     inBuf = nsMemory::Alloc(inBufLen);
     if (!inBuf)
         return NS_ERROR_OUT_OF_MEMORY;
 
-    rv = (PL_Base64Decode(commandResponse.get(), commandResponse.Length(), (char *)inBuf))
+    // strip off any padding (see bug 230351)
+    const char *challenge = commandResponse.get();
+    while (challenge[len - 1] == '=')
+        len--;
+
+    rv = (PL_Base64Decode(challenge, len, (char *)inBuf))
          ? m_authModule->GetNextToken(inBuf, inBufLen, &outBuf, &outBufLen)
          : NS_ERROR_FAILURE;
 

netwerk/protocol/http/src/nsHttpNTLMAuth.cpp

@@ -128,6 +128,10 @@ nsHttpNTLMAuth::GenerateCredentials(nsIHttpChannel  *httpChannel,
         if (!inBuf)
             return NS_ERROR_OUT_OF_MEMORY;
 
+        // strip off any padding (see bug 230351)
+        while (challenge[len - 1] == '=')
+          len--;
+
         if (PL_Base64Decode(challenge, len, (char *) inBuf) == nsnull) {
             nsMemory::Free(inBuf);
             return NS_ERROR_UNEXPECTED; // improper base64 encoding