aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Hägele <haegele@teamviewer.com>2012-07-02 22:59:54 +0200
committerDaniel Stenberg <daniel@haxx.se>2012-07-02 22:59:54 +0200
commitdd302206ad3dc98c9dca74086850cc560739f188 (patch)
tree20284b9b1ff188e4772c819f49c0ed500b5a5dc2
parentb3ebfc2b74fbc522b0ac1e69e3724150e92794a7 (diff)
unicode NTLM SSPI: heap corruption fixed
When compiling libcurl with UNICODE defined and using unicode characters in username.
-rw-r--r--lib/curl_ntlm_msgs.c89
1 files changed, 55 insertions, 34 deletions
diff --git a/lib/curl_ntlm_msgs.c b/lib/curl_ntlm_msgs.c
index c17880bb4..0fcfec69e 100644
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -351,67 +351,88 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
SecBufferDesc desc;
SECURITY_STATUS status;
unsigned long attrs;
- const char *user;
- const char *domain = "";
- size_t userlen = 0;
+ const TCHAR *useranddomain;
+ const TCHAR *user;
+ const TCHAR *passwd;
+ const TCHAR *domain = TEXT("");
size_t domlen = 0;
- size_t passwdlen = 0;
TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
Curl_ntlm_sspi_cleanup(ntlm);
- user = strchr(userp, '\\');
- if(!user)
- user = strchr(userp, '/');
-
- if(user) {
- domain = userp;
- domlen = user - userp;
- user++;
- }
- else {
- user = userp;
- domain = "";
- domlen = 0;
- }
-
- if(user)
- userlen = strlen(user);
+ if(userp && *userp) {
+#ifdef UNICODE
+ useranddomain = Curl_convert_UTF8_to_wchar(userp);
+ if(useranddomain == NULL)
+ return CURLE_OUT_OF_MEMORY;
+#else
+ useranddomain = userp;
+#endif
- if(passwdp)
- passwdlen = strlen(passwdp);
+ user = _tcschr(useranddomain, TEXT('\\'));
+ if(!user)
+ user = _tcschr(useranddomain, TEXT('/'));
+
+ if(user) {
+ domain = useranddomain;
+ domlen = user - useranddomain;
+ user++;
+ }
+ else {
+ user = useranddomain;
+ domain = TEXT("");
+ domlen = 0;
+ }
- if(userlen > 0) {
/* note: initialize all of this before doing the mallocs so that
* it can be cleaned up later without leaking memory.
*/
ntlm->p_identity = &ntlm->identity;
memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity));
+
#ifdef UNICODE
- if((ntlm->identity.User = Curl_convert_UTF8_to_wchar(user)) == NULL)
+ if((ntlm->identity.User = (unsigned short *)_wcsdup(user)) == NULL) {
+ free((void *)useranddomain);
return CURLE_OUT_OF_MEMORY;
+ }
#else
if((ntlm->identity.User = (unsigned char *)strdup(user)) == NULL)
return CURLE_OUT_OF_MEMORY;
#endif
+ ntlm->identity.UserLength = (unsigned long)_tcslen(user);
+
+ ntlm->identity.Domain = malloc(sizeof(TCHAR) * (domlen + 1));
+ if(ntlm->identity.Domain == NULL) {
+#ifdef UNICODE
+ free((void *)useranddomain);
+#endif
+ return CURLE_OUT_OF_MEMORY;
+ }
+ _tcsncpy((TCHAR *)ntlm->identity.Domain, domain, domlen);
+ ntlm->identity.Domain[domlen] = TEXT('\0');
+ ntlm->identity.DomainLength = (unsigned long)domlen;
+
+#ifdef UNICODE
+ free((void *)useranddomain);
+#endif
- ntlm->identity.UserLength = (unsigned long)userlen;
#ifdef UNICODE
- if((ntlm->identity.Password = Curl_convert_UTF8_to_wchar(passwdp)) == NULL)
+ ntlm->identity.Password = (unsigned short *)
+ Curl_convert_UTF8_to_wchar(passwdp);
+ if(ntlm->identity.Password == NULL)
return CURLE_OUT_OF_MEMORY;
#else
if((ntlm->identity.Password = (unsigned char *)strdup(passwdp)) == NULL)
return CURLE_OUT_OF_MEMORY;
#endif
+ ntlm->identity.PasswordLength =
+ (unsigned long)_tcslen((TCHAR *)ntlm->identity.Password);
- ntlm->identity.PasswordLength = (unsigned long)passwdlen;
- if((ntlm->identity.Domain = malloc(domlen + 1)) == NULL)
- return CURLE_OUT_OF_MEMORY;
-
- strncpy((char *)ntlm->identity.Domain, domain, domlen);
- ntlm->identity.Domain[domlen] = '\0';
- ntlm->identity.DomainLength = (unsigned long)domlen;
+#ifdef UNICODE
+ ntlm->identity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
+#else
ntlm->identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
+#endif
}
else
ntlm->p_identity = NULL;