authorDaniel Stenberg <daniel@haxx.se>2014-03-20 11:17:40 +0100
committerDaniel Stenberg <daniel@haxx.se>2014-06-11 23:15:48 +0200
commite95ca7cec9c8907646a2bf87e295a638d5b518fc (patch)
tree62a7b361221a967288d0e0e83bda9d876ed1e232 /lib/curl_sasl.c
parentceacbacd149aa64612968d41c03d0577d427f075 (diff)
NTLM: set a fake entropy for debug builds with CURL_ENTROPY set
Curl_rand() will return a dummy and repeatable random value for this case. Makes it possible to write test cases that verify output. Also, fake timestamp with CURL_FORCETIME set. Only in debug-enabled builds, of course. Curl_ssl_random() was not used anymore so it has been removed. Curl_rand() is enough. create_digest_md5_message: generate base64 instead of hex string. curl_sasl: also fix memory leaks in some OOM situations.
Diffstat (limited to 'lib/curl_sasl.c')
-rw-r--r--lib/curl_sasl.c56
1 files changed, 29 insertions, 27 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index b0ac9b6d5..13592cfd7 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -411,19 +411,13 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
char HA1_hex[2 * MD5_DIGEST_LEN + 1];
char HA2_hex[2 * MD5_DIGEST_LEN + 1];
char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];
-
char nonce[64];
char realm[128];
char algorithm[64];
char qop_options[64];
int qop_values;
-
char cnonce[33];
- unsigned int cnonce1 = 0;
- unsigned int cnonce2 = 0;
- unsigned int cnonce3 = 0;
- unsigned int cnonce4 = 0;
-
+ unsigned int entropy[4];
char nonceCount[] = "00000001";
char method[] = "AUTHENTICATE";
char qop[] = DIGEST_QOP_VALUE_STRING_AUTH;
@@ -450,22 +444,22 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
if(!(qop_values & DIGEST_QOP_VALUE_AUTH))
return CURLE_BAD_CONTENT_ENCODING;
-#ifndef DEBUGBUILD
/* Generate 16 bytes of random data */
- cnonce1 = Curl_rand(data);
- cnonce2 = Curl_rand(data);
- cnonce3 = Curl_rand(data);
- cnonce4 = Curl_rand(data);
-#endif
+ entropy[0] = Curl_rand(data);
+ entropy[1] = Curl_rand(data);
+ entropy[2] = Curl_rand(data);
+ entropy[3] = Curl_rand(data);
/* Convert the random data into a 32 byte hex string */
snprintf(cnonce, sizeof(cnonce), "%08x%08x%08x%08x",
- cnonce1, cnonce2, cnonce3, cnonce4);
+ entropy[0], entropy[1], entropy[2], entropy[3]);
/* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
- if(!ctxt)
- return CURLE_OUT_OF_MEMORY;
+ if(!ctxt) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
+ }
Curl_MD5_update(ctxt, (const unsigned char *) userp,
curlx_uztoui(strlen(userp)));
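Review bot: The new `goto fail` after the first `Curl_MD5_init()` reaches `free(response)` at the `fail:` label before `response` is assigned anywhere in the visible code, so it is only safe if `response` is initialised at its declaration, which lies outside the hunks shown. Please confirm the declaration reads `char *response = NULL;`, or add that initialiser in this commit; otherwise each early out-of-memory exit frees an indeterminate pointer. The same applies to the `goto fail` branches in the `@@ -478`, `@@ -499` and `@@ -514` hunks. The function body starts and ends outside this hunk.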
@@ -478,8 +472,10 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
Curl_MD5_final(ctxt, digest);
ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
- if(!ctxt)
- return CURLE_OUT_OF_MEMORY;
+ if(!ctxt) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
+ }
Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN);
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
@@ -499,8 +495,10 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
/* Calculate H(A2) */
ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
- if(!ctxt)
- return CURLE_OUT_OF_MEMORY;
+ if(!ctxt) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
+ }
Curl_MD5_update(ctxt, (const unsigned char *) method,
curlx_uztoui(strlen(method)));
@@ -514,8 +512,10 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
/* Now calculate the response hash */
ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
- if(!ctxt)
- return CURLE_OUT_OF_MEMORY;
+ if(!ctxt) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
+ }
Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN);
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
@@ -544,16 +544,18 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
"cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s,"
"qop=%s",
userp, realm, nonce,
- cnonce, nonceCount, uri, resp_hash_hex,
- qop);
- if(!response)
- return CURLE_OUT_OF_MEMORY;
+ cnonce, nonceCount, uri, resp_hash_hex);
+ if(!response) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
+ }
/* Base64 encode the response */
result = Curl_base64_encode(data, response, 0, outptr, outlen);
- Curl_safefree(response);
+ fail:
+ free(response);
return result;
}
#endif /* USE_WINDOWS_SSPI */
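Review bot: The `aprintf()` call drops `qop` from its argument list while the format string kept as context still ends in `qop=%s`, so the last conversion has no matching argument and the behaviour is undefined. The first line of the format string is outside the hunk, but the visible tail together with the seven remaining arguments suggests the call is now one argument short; restore it as `cnonce, nonceCount, uri, resp_hash_hex, qop);`. Besides a possible crash, whatever the stray vararg points at could end up in the DIGEST-MD5 response sent to the server. A build with `-Wformat` would flag this if `aprintf` is declared with a printf format attribute.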