mirror of
https://github.com/moparisthebest/curl
synced 2024-08-13 17:03:50 -04:00
http_digest.c: SIGSEGV and OOM handling fixes
This commit is contained in:
Yang Tse
parent
83f0dae129
commit
2af64c6432
@ -25,13 +25,11 @@
|
|||||||
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
|
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
|
||||||
|
|
||||||
#include "urldata.h"
|
#include "urldata.h"
|
||||||
#include "sendf.h"
|
|
||||||
#include "rawstr.h"
|
#include "rawstr.h"
|
||||||
#include "curl_base64.h"
|
#include "curl_base64.h"
|
||||||
#include "curl_md5.h"
|
#include "curl_md5.h"
|
||||||
#include "http_digest.h"
|
#include "http_digest.h"
|
||||||
#include "strtok.h"
|
#include "strtok.h"
|
||||||
#include "url.h" /* for Curl_safefree() */
|
|
||||||
#include "curl_memory.h"
|
#include "curl_memory.h"
|
||||||
#include "sslgen.h" /* for Curl_rand() */
|
#include "sslgen.h" /* for Curl_rand() */
|
||||||
#include "non-ascii.h" /* included for Curl_convert_... prototypes */
|
#include "non-ascii.h" /* included for Curl_convert_... prototypes */
|
||||||
@ -284,7 +282,7 @@ static char *string_quoted(const char *source)
|
|||||||
++s;
|
++s;
|
||||||
}
|
}
|
||||||
|
|
||||||
dest = (char *)malloc(n);
|
dest = malloc(n);
|
||||||
if(dest) {
|
if(dest) {
|
||||||
s = source;
|
s = source;
|
||||||
d = dest;
|
d = dest;
|
||||||
@ -311,7 +309,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
|
|||||||
unsigned char md5buf[16]; /* 16 bytes/128 bits */
|
unsigned char md5buf[16]; /* 16 bytes/128 bits */
|
||||||
unsigned char request_digest[33];
|
unsigned char request_digest[33];
|
||||||
unsigned char *md5this;
|
unsigned char *md5this;
|
||||||
unsigned char *ha1;
|
unsigned char ha1[33];/* 32 digits and 1 zero byte */
|
||||||
unsigned char ha2[33];/* 32 digits and 1 zero byte */
|
unsigned char ha2[33];/* 32 digits and 1 zero byte */
|
||||||
char cnoncebuf[33];
|
char cnoncebuf[33];
|
||||||
char *cnonce = NULL;
|
char *cnonce = NULL;
|
||||||
@ -353,10 +351,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
|
|||||||
authp = &data->state.authhost;
|
authp = &data->state.authhost;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(*allocuserpwd) {
|
Curl_safefree(*allocuserpwd);
|
||||||
Curl_safefree(*allocuserpwd);
|
|
||||||
*allocuserpwd = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* not set means empty */
|
/* not set means empty */
|
||||||
if(!userp)
|
if(!userp)
|
||||||
@ -406,12 +401,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
|
|||||||
|
|
||||||
CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
|
CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
|
||||||
Curl_md5it(md5buf, md5this);
|
Curl_md5it(md5buf, md5this);
|
||||||
free(md5this); /* free this again */
|
Curl_safefree(md5this);
|
||||||
|
|
||||||
ha1 = malloc(33); /* 32 digits and 1 zero byte */
|
|
||||||
if(!ha1)
|
|
||||||
return CURLE_OUT_OF_MEMORY;
|
|
||||||
|
|
||||||
md5_to_ascii(md5buf, ha1);
|
md5_to_ascii(md5buf, ha1);
|
||||||
|
|
||||||
if(d->algo == CURLDIGESTALGO_MD5SESS) {
|
if(d->algo == CURLDIGESTALGO_MD5SESS) {
|
||||||
@ -421,7 +411,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
|
|||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
CURL_OUTPUT_DIGEST_CONV(data, tmp); /* convert on non-ASCII machines */
|
CURL_OUTPUT_DIGEST_CONV(data, tmp); /* convert on non-ASCII machines */
|
||||||
Curl_md5it(md5buf, (unsigned char *)tmp);
|
Curl_md5it(md5buf, (unsigned char *)tmp);
|
||||||
free(tmp); /* free this again */
|
Curl_safefree(tmp);
|
||||||
md5_to_ascii(md5buf, ha1);
|
md5_to_ascii(md5buf, ha1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -463,18 +453,16 @@ CURLcode Curl_output_digest(struct connectdata *conn,
|
|||||||
TODO: replace md5 of empty string with entity-body for PUT/POST */
|
TODO: replace md5 of empty string with entity-body for PUT/POST */
|
||||||
unsigned char *md5this2 = (unsigned char *)
|
unsigned char *md5this2 = (unsigned char *)
|
||||||
aprintf("%s:%s", md5this, "d41d8cd98f00b204e9800998ecf8427e");
|
aprintf("%s:%s", md5this, "d41d8cd98f00b204e9800998ecf8427e");
|
||||||
free(md5this);
|
Curl_safefree(md5this);
|
||||||
md5this = md5this2;
|
md5this = md5this2;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!md5this) {
|
if(!md5this)
|
||||||
free(ha1);
|
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
}
|
|
||||||
|
|
||||||
CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
|
CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
|
||||||
Curl_md5it(md5buf, md5this);
|
Curl_md5it(md5buf, md5this);
|
||||||
free(md5this); /* free this again */
|
Curl_safefree(md5this);
|
||||||
md5_to_ascii(md5buf, ha2);
|
md5_to_ascii(md5buf, ha2);
|
||||||
|
|
||||||
if(d->qop) {
|
if(d->qop) {
|
||||||
@ -492,13 +480,12 @@ CURLcode Curl_output_digest(struct connectdata *conn,
|
|||||||
d->nonce,
|
d->nonce,
|
||||||
ha2);
|
ha2);
|
||||||
}
|
}
|
||||||
free(ha1);
|
|
||||||
if(!md5this)
|
if(!md5this)
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
|
|
||||||
CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
|
CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
|
||||||
Curl_md5it(md5buf, md5this);
|
Curl_md5it(md5buf, md5this);
|
||||||
free(md5this); /* free this again */
|
Curl_safefree(md5this);
|
||||||
md5_to_ascii(md5buf, request_digest);
|
md5_to_ascii(md5buf, request_digest);
|
||||||
|
|
||||||
/* for test case 64 (snooped from a Mozilla 1.3a request)
|
/* for test case 64 (snooped from a Mozilla 1.3a request)
|
||||||
@ -515,7 +502,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
|
|||||||
chracters.
|
chracters.
|
||||||
*/
|
*/
|
||||||
userp_quoted = string_quoted(userp);
|
userp_quoted = string_quoted(userp);
|
||||||
if(!*userp_quoted)
|
if(!userp_quoted)
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
|
|
||||||
if(d->qop) {
|
if(d->qop) {
|
||||||
@ -559,7 +546,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
|
|||||||
uripath, /* this is the PATH part of the URL */
|
uripath, /* this is the PATH part of the URL */
|
||||||
request_digest);
|
request_digest);
|
||||||
}
|
}
|
||||||
free(userp_quoted);
|
Curl_safefree(userp_quoted);
|
||||||
if(!*allocuserpwd)
|
if(!*allocuserpwd)
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
|
|
||||||
@ -595,29 +582,12 @@ CURLcode Curl_output_digest(struct connectdata *conn,
|
|||||||
|
|
||||||
static void digest_cleanup_one(struct digestdata *d)
|
static void digest_cleanup_one(struct digestdata *d)
|
||||||
{
|
{
|
||||||
if(d->nonce)
|
Curl_safefree(d->nonce);
|
||||||
free(d->nonce);
|
Curl_safefree(d->cnonce);
|
||||||
d->nonce = NULL;
|
Curl_safefree(d->realm);
|
||||||
|
Curl_safefree(d->opaque);
|
||||||
if(d->cnonce)
|
Curl_safefree(d->qop);
|
||||||
free(d->cnonce);
|
Curl_safefree(d->algorithm);
|
||||||
d->cnonce = NULL;
|
|
||||||
|
|
||||||
if(d->realm)
|
|
||||||
free(d->realm);
|
|
||||||
d->realm = NULL;
|
|
||||||
|
|
||||||
if(d->opaque)
|
|
||||||
free(d->opaque);
|
|
||||||
d->opaque = NULL;
|
|
||||||
|
|
||||||
if(d->qop)
|
|
||||||
free(d->qop);
|
|
||||||
d->qop = NULL;
|
|
||||||
|
|
||||||
if(d->algorithm)
|
|
||||||
free(d->algorithm);
|
|
||||||
d->algorithm = NULL;
|
|
||||||
|
|
||||||
d->nc = 0;
|
d->nc = 0;
|
||||||
d->algo = CURLDIGESTALGO_MD5; /* default algorithm */
|
d->algo = CURLDIGESTALGO_MD5; /* default algorithm */
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user