mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
ntlm: Fixed hard coded buffer for SSPI based auth packet generation
Given the SSPI package info query indicates a token size of 2888 bytes,
and as with the Winbind code and commit 9008f3d56, use a dynamic buffer
for the Type-1 and Type-3 message generation rather than a fixed buffer
of 1024 bytes.
This commit is contained in:
Steve Holme
parent
03d34b683d
commit
df739784e5
@ -353,6 +353,9 @@ void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
|
||||
ntlm->has_handles = 0;
|
||||
}
|
||||
|
||||
ntlm->max_token_length = 0;
|
||||
Curl_safefree(ntlm->output_token);
|
||||
|
||||
Curl_sspi_free_identity(ntlm->p_identity);
|
||||
ntlm->p_identity = NULL;
|
||||
}
|
||||
@ -409,7 +412,6 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
|
||||
(*) -> Optional
|
||||
*/
|
||||
|
||||
unsigned char ntlmbuf[NTLM_BUFSIZE];
|
||||
size_t size;
|
||||
|
||||
#ifdef USE_WINDOWS_SSPI
|
||||
@ -429,9 +431,16 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
|
||||
if(status != SEC_E_OK)
|
||||
return CURLE_NOT_BUILT_IN;
|
||||
|
||||
ntlm->max_token_length = SecurityPackage->cbMaxToken;
|
||||
|
||||
/* Release the package buffer as it is not required anymore */
|
||||
s_pSecFn->FreeContextBuffer(SecurityPackage);
|
||||
|
||||
/* Allocate our output buffer */
|
||||
ntlm->output_token = malloc(ntlm->max_token_length);
|
||||
if(!ntlm->output_token)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
||||
if(userp && *userp) {
|
||||
CURLcode result;
|
||||
|
||||
@ -460,9 +469,9 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
|
||||
type_1_desc.ulVersion = SECBUFFER_VERSION;
|
||||
type_1_desc.cBuffers = 1;
|
||||
type_1_desc.pBuffers = &type_1_buf;
|
||||
type_1_buf.cbBuffer = NTLM_BUFSIZE;
|
||||
type_1_buf.cbBuffer = curlx_uztoul(ntlm->max_token_length);
|
||||
type_1_buf.BufferType = SECBUFFER_TOKEN;
|
||||
type_1_buf.pvBuffer = ntlmbuf;
|
||||
type_1_buf.pvBuffer = ntlm->output_token;
|
||||
|
||||
/* Generate our type-1 message */
|
||||
status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL,
|
||||
@ -488,6 +497,7 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
|
||||
|
||||
#else
|
||||
|
||||
unsigned char ntlmbuf[NTLM_BUFSIZE];
|
||||
const char *host = ""; /* empty */
|
||||
const char *domain = ""; /* empty */
|
||||
size_t hostlen = 0;
|
||||
@ -565,7 +575,11 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
|
||||
});
|
||||
|
||||
/* Return with binary blob encoded into base64 */
|
||||
#ifdef USE_WINDOWS_SSPI
|
||||
return Curl_base64_encode(NULL, (char *)ntlm->output_token, size, outptr, outlen);
|
||||
#else
|
||||
return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
@ -612,10 +626,10 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
|
||||
(*) -> Optional
|
||||
*/
|
||||
|
||||
unsigned char ntlmbuf[NTLM_BUFSIZE];
|
||||
size_t size;
|
||||
|
||||
#ifdef USE_WINDOWS_SSPI
|
||||
CURLcode result = CURLE_OK;
|
||||
SecBuffer type_2_buf;
|
||||
SecBuffer type_3_buf;
|
||||
SecBufferDesc type_2_desc;
|
||||
@ -641,8 +655,8 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
|
||||
type_3_desc.cBuffers = 1;
|
||||
type_3_desc.pBuffers = &type_3_buf;
|
||||
type_3_buf.BufferType = SECBUFFER_TOKEN;
|
||||
type_3_buf.pvBuffer = ntlmbuf;
|
||||
type_3_buf.cbBuffer = NTLM_BUFSIZE;
|
||||
type_3_buf.pvBuffer = ntlm->output_token;
|
||||
type_3_buf.cbBuffer = curlx_uztoul(ntlm->max_token_length);
|
||||
|
||||
/* Generate our type-3 message */
|
||||
status = s_pSecFn->InitializeSecurityContext(&ntlm->handle,
|
||||
@ -661,9 +675,16 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
|
||||
|
||||
size = type_3_buf.cbBuffer;
|
||||
|
||||
/* Return with binary blob encoded into base64 */
|
||||
result = Curl_base64_encode(NULL, (char *)ntlm->output_token, size, outptr, outlen);
|
||||
|
||||
Curl_ntlm_sspi_cleanup(ntlm);
|
||||
|
||||
return result;
|
||||
|
||||
#else
|
||||
|
||||
unsigned char ntlmbuf[NTLM_BUFSIZE];
|
||||
int lmrespoff;
|
||||
unsigned char lmresp[24]; /* fixed-size */
|
||||
#if USE_NTRESPONSES
|
||||
@ -979,10 +1000,9 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
|
||||
if(res)
|
||||
return CURLE_CONV_FAILED;
|
||||
|
||||
#endif
|
||||
|
||||
/* Return with binary blob encoded into base64 */
|
||||
return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* USE_NTLM */
|
||||
|
||||
@ -433,6 +433,8 @@ struct ntlmdata {
|
||||
CtxtHandle c_handle;
|
||||
SEC_WINNT_AUTH_IDENTITY identity;
|
||||
SEC_WINNT_AUTH_IDENTITY *p_identity;
|
||||
size_t max_token_length;
|
||||
BYTE *output_token;
|
||||
int has_handles;
|
||||
void *type_2;
|
||||
unsigned long n_type_2;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user