moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Code Issues Releases Wiki Activity

ntlm: Fixed hard coded buffer for SSPI based auth packet generation

Browse Source 
Given the SSPI package info query indicates a token size of 2888 bytes,
and as with the Winbind code and commit 9008f3d56, use a dynamic buffer
for the Type-1 and Type-3 message generation rather than a fixed buffer
of 1024 bytes.
This commit is contained in:
Steve Holme 2014-08-08 07:23:38 +01:00
parent 03d34b683d
commit df739784e5
2 changed files with 30 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
lib/curl_ntlm_msgs.c
View File

@ -353,6 +353,9 @@ void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
ntlm->has_handles = 0; ntlm->has_handles = 0;
} }
ntlm->max_token_length = 0;
Curl_safefree(ntlm->output_token);
Curl_sspi_free_identity(ntlm->p_identity); Curl_sspi_free_identity(ntlm->p_identity);
ntlm->p_identity = NULL; ntlm->p_identity = NULL;
} }
@ -409,7 +412,6 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
(*) -> Optional (*) -> Optional
*/ */
unsigned char ntlmbuf[NTLM_BUFSIZE];
size_t size; size_t size;
#ifdef USE_WINDOWS_SSPI #ifdef USE_WINDOWS_SSPI
@ -429,9 +431,16 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
if(status != SEC_E_OK) if(status != SEC_E_OK)
return CURLE_NOT_BUILT_IN; return CURLE_NOT_BUILT_IN;
ntlm->max_token_length = SecurityPackage->cbMaxToken;
/* Release the package buffer as it is not required anymore */ /* Release the package buffer as it is not required anymore */
s_pSecFn->FreeContextBuffer(SecurityPackage); s_pSecFn->FreeContextBuffer(SecurityPackage);
/* Allocate our output buffer */
ntlm->output_token = malloc(ntlm->max_token_length);
if(!ntlm->output_token)
return CURLE_OUT_OF_MEMORY;
if(userp && *userp) { if(userp && *userp) {
CURLcode result; CURLcode result;
@ -460,9 +469,9 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
type_1_desc.ulVersion = SECBUFFER_VERSION; type_1_desc.ulVersion = SECBUFFER_VERSION;
type_1_desc.cBuffers = 1; type_1_desc.cBuffers = 1;
type_1_desc.pBuffers = &type_1_buf; type_1_desc.pBuffers = &type_1_buf;
type_1_buf.cbBuffer = NTLM_BUFSIZE; type_1_buf.cbBuffer = curlx_uztoul(ntlm->max_token_length);
type_1_buf.BufferType = SECBUFFER_TOKEN; type_1_buf.BufferType = SECBUFFER_TOKEN;
type_1_buf.pvBuffer = ntlmbuf; type_1_buf.pvBuffer = ntlm->output_token;
/* Generate our type-1 message */ /* Generate our type-1 message */
status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL, status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL,
@ -488,6 +497,7 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
#else #else
unsigned char ntlmbuf[NTLM_BUFSIZE];
const char *host = ""; /* empty */ const char *host = ""; /* empty */
const char *domain = ""; /* empty */ const char *domain = ""; /* empty */
size_t hostlen = 0; size_t hostlen = 0;
@ -565,7 +575,11 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
}); });
/* Return with binary blob encoded into base64 */ /* Return with binary blob encoded into base64 */
#ifdef USE_WINDOWS_SSPI
return Curl_base64_encode(NULL, (char *)ntlm->output_token, size, outptr, outlen);
#else
return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen); return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
#endif
} }
/* /*
@ -612,10 +626,10 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
(*) -> Optional (*) -> Optional
*/ */
unsigned char ntlmbuf[NTLM_BUFSIZE];
size_t size; size_t size;
#ifdef USE_WINDOWS_SSPI #ifdef USE_WINDOWS_SSPI
CURLcode result = CURLE_OK;
SecBuffer type_2_buf; SecBuffer type_2_buf;
SecBuffer type_3_buf; SecBuffer type_3_buf;
SecBufferDesc type_2_desc; SecBufferDesc type_2_desc;
@ -641,8 +655,8 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
type_3_desc.cBuffers = 1; type_3_desc.cBuffers = 1;
type_3_desc.pBuffers = &type_3_buf; type_3_desc.pBuffers = &type_3_buf;
type_3_buf.BufferType = SECBUFFER_TOKEN; type_3_buf.BufferType = SECBUFFER_TOKEN;
type_3_buf.pvBuffer = ntlmbuf; type_3_buf.pvBuffer = ntlm->output_token;
type_3_buf.cbBuffer = NTLM_BUFSIZE; type_3_buf.cbBuffer = curlx_uztoul(ntlm->max_token_length);
/* Generate our type-3 message */ /* Generate our type-3 message */
status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, status = s_pSecFn->InitializeSecurityContext(&ntlm->handle,
@ -661,9 +675,16 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
size = type_3_buf.cbBuffer; size = type_3_buf.cbBuffer;
/* Return with binary blob encoded into base64 */
result = Curl_base64_encode(NULL, (char *)ntlm->output_token, size, outptr, outlen);
Curl_ntlm_sspi_cleanup(ntlm); Curl_ntlm_sspi_cleanup(ntlm);
return result;
#else #else
unsigned char ntlmbuf[NTLM_BUFSIZE];
int lmrespoff; int lmrespoff;
unsigned char lmresp[24]; /* fixed-size */ unsigned char lmresp[24]; /* fixed-size */
#if USE_NTRESPONSES #if USE_NTRESPONSES
@ -979,10 +1000,9 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
if(res) if(res)
return CURLE_CONV_FAILED; return CURLE_CONV_FAILED;
#endif
/* Return with binary blob encoded into base64 */ /* Return with binary blob encoded into base64 */
return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen); return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
#endif
} }
#endif /* USE_NTLM */ #endif /* USE_NTLM */

2
lib/urldata.h
View File

@ -433,6 +433,8 @@ struct ntlmdata {
CtxtHandle c_handle; CtxtHandle c_handle;
SEC_WINNT_AUTH_IDENTITY identity; SEC_WINNT_AUTH_IDENTITY identity;
SEC_WINNT_AUTH_IDENTITY *p_identity; SEC_WINNT_AUTH_IDENTITY *p_identity;
size_t max_token_length;
BYTE *output_token;
int has_handles; int has_handles;
void *type_2; void *type_2;
unsigned long n_type_2; unsigned long n_type_2;