mirror of https://github.com/moparisthebest/curl synced 2024-11-10 11:35:07 -05:00

ntlm_wb: Fix hard-coded limit on NTLM auth packet size

Bumping it to 1KiB in commit aaaf9e50ec is all very well, but having hit
a hard limit once let's just make it cope by reallocating as necessary.
David Woodhouse 2014-07-11 10:27:18 +01:00 committed by Daniel Stenberg
parent df5169fa35
commit 9008f3d564


@ -227,11 +227,11 @@ done:
static CURLcode ntlm_wb_response(struct connectdata *conn, static CURLcode ntlm_wb_response(struct connectdata *conn,
const char *input, curlntlm state) const char *input, curlntlm state)
{ {
ssize_t size; char *buf = malloc(NTLM_BUFSIZE);
char buf[NTLM_BUFSIZE]; size_t len_in = strlen(input), len_out = 0;
char *tmpbuf = buf;
size_t len_in = strlen(input); if(!buf)
size_t len_out = sizeof(buf); return CURLE_OUT_OF_MEMORY;
while(len_in > 0) { while(len_in > 0) {
ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in); ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in);
@ -246,8 +246,11 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
len_in -= written; len_in -= written;
} }
/* Read one line */ /* Read one line */
while(len_out > 0) { while(1) {
size = sread(conn->ntlm_auth_hlpr_socket, tmpbuf, len_out); ssize_t size;
char *newbuf;
size = sread(conn->ntlm_auth_hlpr_socket, buf + len_out, NTLM_BUFSIZE);
if(size == -1) { if(size == -1) {
if(errno == EINTR) if(errno == EINTR)
continue; continue;
@ -255,22 +258,28 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
} }
else if(size == 0) else if(size == 0)
goto done; goto done;
else if(tmpbuf[size - 1] == '\n') {
tmpbuf[size - 1] = '\0'; len_out += size;
if(buf[len_out - 1] == '\n') {
buf[len_out - 1] = '\0';
goto wrfinish; goto wrfinish;
} }
tmpbuf += size; newbuf = realloc(buf, len_out + NTLM_BUFSIZE);
len_out -= size; if(!newbuf) {
free(buf);
return CURLE_OUT_OF_MEMORY;
}
buf = newbuf;
} }
goto done; goto done;
wrfinish: wrfinish:
/* Samba/winbind installed but not configured */ /* Samba/winbind installed but not configured */
if(state == NTLMSTATE_TYPE1 && if(state == NTLMSTATE_TYPE1 &&
size == 3 && len_out == 3 &&
buf[0] == 'P' && buf[1] == 'W') buf[0] == 'P' && buf[1] == 'W')
return CURLE_REMOTE_ACCESS_DENIED; return CURLE_REMOTE_ACCESS_DENIED;
/* invalid response */ /* invalid response */
if(size < 4) if(len_out < 4)
goto done; goto done;
if(state == NTLMSTATE_TYPE1 && if(state == NTLMSTATE_TYPE1 &&
(buf[0]!='Y' || buf[1]!='R' || buf[2]!=' ')) (buf[0]!='Y' || buf[1]!='R' || buf[2]!=' '))
@ -280,9 +289,11 @@ wrfinish:
(buf[0]!='A' || buf[1]!='F' || buf[2]!=' ')) (buf[0]!='A' || buf[1]!='F' || buf[2]!=' '))
goto done; goto done;
conn->response_header = aprintf("NTLM %.*s", size - 4, buf + 3); conn->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3);
free(buf);
return CURLE_OK; return CURLE_OK;
done: done:
free(buf);
return CURLE_REMOTE_ACCESS_DENIED; return CURLE_REMOTE_ACCESS_DENIED;
} }
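Review bot: The "Samba/winbind installed but not configured" check under `wrfinish:` still exits with a bare `return CURLE_REMOTE_ACCESS_DENIED;`, and now that `buf` is heap-allocated that path leaks it; it should be `goto done;` so the shared `free(buf)` runs. In the `aprintf` call, `len_out - 4` is now a `size_t` passed as the `%.*s` precision, which must be an `int`, so it needs a range check and a cast, e.g. `(int)(len_out - 4)`. The read loop no longer has any upper bound, so a helper that never sends a newline makes the buffer grow until `realloc` fails; a sanity cap on `len_out` checked before the `realloc` would keep memory use bounded. The lines between the hunks are not shown here, so any other exit from the function there should be checked for the same missing `free(buf)`.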