Address out of bounds panic on Proxy-Authenticate header

Signed-off-by: Brian Dwyer <Brian.Dwyer@broadridge.com>
aus · Apr 18, 2020 · 20a87f0 · 20a87f0
1 parent fb78529
commit 20a87f0
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/ntlm_windows.go b/ntlm_windows.go
@@ -10,6 +10,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"strings"
 
 	"github.com/alexbrainman/sspi"
 	"github.com/alexbrainman/sspi/ntlm"
@@ -70,7 +71,18 @@ func dialNTLM(p Proxy, addr string, baseDial func() (net.Conn, error)) (net.Conn
 		return conn, errors.New("Unexpected HTTP status code")
 	}
 
-	challenge, err := base64.StdEncoding.DecodeString(resp.Header["Proxy-Authenticate"][0][5:])
+	challengeHeaders, found := resp.Header["Proxy-Authenticate"]
+	if !found {
+		return conn, errors.New("did not receive a challenge from the server")
+	}
+	if len(challengeHeaders) != 1 {
+		return conn, errors.New("received malformed challenge from the server")
+	}
+	if len(challengeHeaders[0]) < 6 || !strings.HasPrefix(challengeHeaders[0], "NTLM ") {
+		return conn, errors.New("received malformed challenge from the server")
+	}
+
+	challenge, err := base64.StdEncoding.DecodeString(challengeHeaders[0][5:])
 	if err != nil {
 		debugf("ntlm> Could not read challenge response")
 		return conn, err