diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2014-07-11 10:27:18 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2014-07-16 17:26:08 +0200 |
commit | 9008f3d5646f1f32cfe5f06e5e03f56f867a5b04 (patch) | |
tree | 567510c1f604f5c93d1506992817f10de94cea13 | |
parent | df5169fa35f31ebe10893f2a3416ec8e8d8faa20 (diff) |
ntlm_wb: Fix hard-coded limit on NTLM auth packet size
Bumping it to 1KiB in commit aaaf9e50ec is all very well, but having hit
a hard limit once let's just make it cope by reallocating as necessary.
-rw-r--r-- | lib/curl_ntlm_wb.c | 39 |
1 files changed, 25 insertions, 14 deletions
diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c index 57f714205..e47b88afb 100644 --- a/lib/curl_ntlm_wb.c +++ b/lib/curl_ntlm_wb.c @@ -227,11 +227,11 @@ done: static CURLcode ntlm_wb_response(struct connectdata *conn, const char *input, curlntlm state) { - ssize_t size; - char buf[NTLM_BUFSIZE]; - char *tmpbuf = buf; - size_t len_in = strlen(input); - size_t len_out = sizeof(buf); + char *buf = malloc(NTLM_BUFSIZE); + size_t len_in = strlen(input), len_out = 0; + + if(!buf) + return CURLE_OUT_OF_MEMORY; while(len_in > 0) { ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in); @@ -246,8 +246,11 @@ static CURLcode ntlm_wb_response(struct connectdata *conn, len_in -= written; } /* Read one line */ - while(len_out > 0) { - size = sread(conn->ntlm_auth_hlpr_socket, tmpbuf, len_out); + while(1) { + ssize_t size; + char *newbuf; + + size = sread(conn->ntlm_auth_hlpr_socket, buf + len_out, NTLM_BUFSIZE); if(size == -1) { if(errno == EINTR) continue; @@ -255,22 +258,28 @@ static CURLcode ntlm_wb_response(struct connectdata *conn, } else if(size == 0) goto done; - else if(tmpbuf[size - 1] == '\n') { - tmpbuf[size - 1] = '\0'; + + len_out += size; + if(buf[len_out - 1] == '\n') { + buf[len_out - 1] = '\0'; goto wrfinish; } - tmpbuf += size; - len_out -= size; + newbuf = realloc(buf, len_out + NTLM_BUFSIZE); + if(!newbuf) { + free(buf); + return CURLE_OUT_OF_MEMORY; + } + buf = newbuf; } goto done; wrfinish: /* Samba/winbind installed but not configured */ if(state == NTLMSTATE_TYPE1 && - size == 3 && + len_out == 3 && buf[0] == 'P' && buf[1] == 'W') return CURLE_REMOTE_ACCESS_DENIED; /* invalid response */ - if(size < 4) + if(len_out < 4) goto done; if(state == NTLMSTATE_TYPE1 && (buf[0]!='Y' || buf[1]!='R' || buf[2]!=' ')) @@ -280,9 +289,11 @@ wrfinish: (buf[0]!='A' || buf[1]!='F' || buf[2]!=' ')) goto done; - conn->response_header = aprintf("NTLM %.*s", size - 4, buf + 3); + conn->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3); + free(buf); return CURLE_OK; done: + free(buf); return CURLE_REMOTE_ACCESS_DENIED; } |