ntlm_wb: Fix hard-coded limit on NTLM auth packet size

Bumping it to 1KiB in commit aaaf9e50ec is all very well, but having hit a hard limit once let's just make it cope by reallocating as necessary.
2014-07-11 10:27:18 +01:00 · 2014-07-11 10:27:18 +01:00 · 9008f3d564
parent df5169fa35
commit 9008f3d564
1 changed files with 25 additions and 14 deletions
--- a/lib/curl_ntlm_wb.c
+++ b/lib/curl_ntlm_wb.c
@ -227,11 +227,11 @@ done:
 static CURLcode ntlm_wb_response(struct connectdata *conn,
                                 const char *input, curlntlm state)
 {
-  ssize_t size;
-  char buf[NTLM_BUFSIZE];
-  char *tmpbuf = buf;
-  size_t len_in = strlen(input);
-  size_t len_out = sizeof(buf);
+  char *buf = malloc(NTLM_BUFSIZE);
+  size_t len_in = strlen(input), len_out = 0;
+
+  if(!buf)
+    return CURLE_OUT_OF_MEMORY;

  while(len_in > 0) {
    ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in);
@ -246,8 +246,11 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
    len_in -= written;
  }
  /* Read one line */
-  while(len_out > 0) {
-    size = sread(conn->ntlm_auth_hlpr_socket, tmpbuf, len_out);
+  while(1) {
+    ssize_t size;
+    char *newbuf;
+
+    size = sread(conn->ntlm_auth_hlpr_socket, buf + len_out, NTLM_BUFSIZE);
    if(size == -1) {
      if(errno == EINTR)
        continue;
@ -255,22 +258,28 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
    }
    else if(size == 0)
      goto done;
-    else if(tmpbuf[size - 1] == '\n') {
-      tmpbuf[size - 1] = '\0';
+
+    len_out += size;
+    if(buf[len_out - 1] == '\n') {
+      buf[len_out - 1] = '\0';
      goto wrfinish;
    }
-    tmpbuf += size;
-    len_out -= size;
+    newbuf = realloc(buf, len_out + NTLM_BUFSIZE);
+    if(!newbuf) {
+      free(buf);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    buf = newbuf;
  }
  goto done;
 wrfinish:
  /* Samba/winbind installed but not configured */
  if(state == NTLMSTATE_TYPE1 &&
-     size == 3 &&
+     len_out == 3 &&
     buf[0] == 'P' && buf[1] == 'W')
    return CURLE_REMOTE_ACCESS_DENIED;
  /* invalid response */
-  if(size < 4)
+  if(len_out < 4)
    goto done;
  if(state == NTLMSTATE_TYPE1 &&
     (buf[0]!='Y' || buf[1]!='R' || buf[2]!=' '))
@ -280,9 +289,11 @@ wrfinish:
     (buf[0]!='A' || buf[1]!='F' || buf[2]!=' '))
    goto done;

-  conn->response_header = aprintf("NTLM %.*s", size - 4, buf + 3);
+  conn->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3);
+  free(buf);
  return CURLE_OK;
 done:
+  free(buf);
  return CURLE_REMOTE_ACCESS_DENIED;
 }