moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2025-03-01 01:41:50 -05:00
Code Issues Releases Wiki Activity

sasl_sspi: Fixed hard coded buffer for response generation

Browse Source 
Given the SSPI package info query indicates a token size of 4096 bytes,
updated to use a dynamic buffer for the response message generation
rather than a fixed buffer of 1024 bytes.
This commit is contained in:
Steve Holme 2014-08-10 11:01:27 +01:00
parent d804ff0d6b
commit cd6ecf6a89
1 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/curl_sasl_sspi.c
View File

@ -118,8 +118,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
CURLcode result = CURLE_OK; CURLcode result = CURLE_OK;
TCHAR *spn = NULL; TCHAR *spn = NULL;
size_t chlglen = 0; size_t chlglen = 0;
size_t resp_max = 0;
unsigned char *chlg = NULL; unsigned char *chlg = NULL;
unsigned char resp[1024]; unsigned char *resp = NULL;
CredHandle handle; CredHandle handle;
CtxtHandle ctx; CtxtHandle ctx;
PSecPkgInfo SecurityPackage; PSecPkgInfo SecurityPackage;
@ -155,15 +156,27 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
&SecurityPackage); &SecurityPackage);
if(status != SEC_E_OK) { if(status != SEC_E_OK) {
Curl_safefree(chlg); Curl_safefree(chlg);
return CURLE_NOT_BUILT_IN; return CURLE_NOT_BUILT_IN;
} }
resp_max = SecurityPackage->cbMaxToken;
/* Release the package buffer as it is not required anymore */ /* Release the package buffer as it is not required anymore */
s_pSecFn->FreeContextBuffer(SecurityPackage); s_pSecFn->FreeContextBuffer(SecurityPackage);
/* Allocate our response buffer */
resp = malloc(resp_max);
if(!resp) {
Curl_safefree(chlg);
return CURLE_OUT_OF_MEMORY;
}
/* Generate our SPN */ /* Generate our SPN */
spn = Curl_sasl_build_spn(service, data->easy_conn->host.name); spn = Curl_sasl_build_spn(service, data->easy_conn->host.name);
if(!spn) { if(!spn) {
Curl_safefree(resp);
Curl_safefree(chlg); Curl_safefree(chlg);
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
@ -173,6 +186,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
result = Curl_create_sspi_identity(userp, passwdp, &identity); result = Curl_create_sspi_identity(userp, passwdp, &identity);
if(result) { if(result) {
Curl_safefree(spn); Curl_safefree(spn);
Curl_safefree(resp);
Curl_safefree(chlg); Curl_safefree(chlg);
return result; return result;
@ -188,6 +202,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
if(status != SEC_E_OK) { if(status != SEC_E_OK) {
Curl_sspi_free_identity(&identity); Curl_sspi_free_identity(&identity);
Curl_safefree(spn); Curl_safefree(spn);
Curl_safefree(resp);
Curl_safefree(chlg); Curl_safefree(chlg);
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
@ -207,7 +222,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
resp_desc.pBuffers = &resp_buf; resp_desc.pBuffers = &resp_buf;
resp_buf.BufferType = SECBUFFER_TOKEN; resp_buf.BufferType = SECBUFFER_TOKEN;
resp_buf.pvBuffer = resp; resp_buf.pvBuffer = resp;
resp_buf.cbBuffer = sizeof(resp); resp_buf.cbBuffer = curlx_uztoul(resp_max);
/* Generate our challenge-response message */ /* Generate our challenge-response message */
status = s_pSecFn->InitializeSecurityContext(&handle, NULL, spn, 0, 0, 0, status = s_pSecFn->InitializeSecurityContext(&handle, NULL, spn, 0, 0, 0,
@ -221,6 +236,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
s_pSecFn->FreeCredentialsHandle(&handle); s_pSecFn->FreeCredentialsHandle(&handle);
Curl_sspi_free_identity(&identity); Curl_sspi_free_identity(&identity);
Curl_safefree(spn); Curl_safefree(spn);
Curl_safefree(resp);
Curl_safefree(chlg); Curl_safefree(chlg);
return CURLE_RECV_ERROR; return CURLE_RECV_ERROR;
@ -240,6 +256,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
/* Free the SPN */ /* Free the SPN */
Curl_safefree(spn); Curl_safefree(spn);
/* Free the response buffer */
Curl_safefree(resp);
/* Free the decoeded challenge message */ /* Free the decoeded challenge message */
Curl_safefree(chlg); Curl_safefree(chlg);