sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data

Don't use a hard coded size of 4 for the security layer and buffer size in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as we have done in the sasl_gssapi module.
2024-08-13 17:03:50 -04:00 · 2014-12-05 00:22:34 +00:00 · 2014-12-05 00:22:34 +00:00 · ef5b98742f
commit ef5b98742f
parent 697592b3dd
1 changed files with 4 additions and 5 deletions
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@ -1068,8 +1068,6 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
    max_size = 0;
  }

-  outdata = htonl(max_size) | sec_layer;
-
  /* Allocate the trailer */
  trailer = malloc(sizes.cbSecurityTrailer);
  if(!trailer)
@ -1084,7 +1082,7 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
  }

  /* Allocate our message */
-  messagelen = 4 + strlen(user_name) + 1;
+  messagelen = sizeof(outdata) + strlen(user_name) + 1;
  message = malloc(messagelen);
  if(!message) {
    Curl_safefree(trailer);
@ -1098,8 +1096,9 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
     terminator. Note: Dispite RFC4752 Section 3.1 stating "The authorization
     identity is not terminated with the zero-valued (%x00) octet." it seems
     necessary to include it. */
-  memcpy(message, &outdata, 4);
-  strcpy((char *)message + 4, user_name);
+  outdata = htonl(max_size) | sec_layer;
+  memcpy(message, &outdata, sizeof(outdata));
+  strcpy((char *) message + sizeof(outdata), user_name);
  Curl_unicodefree(user_name);

  /* Allocate the padding */