diff options
| author | Steve Holme <steve_holme@hotmail.com> | 2014-08-09 17:28:19 +0100 |
|---|---|---|
| committer | Steve Holme <steve_holme@hotmail.com> | 2014-08-09 18:40:10 +0100 |
| commit | ff5dcb8df209d486534e5eb0487d5aab69564f38 (patch) | |
| tree | 6a8d69fc2afa51db3bc3a2a1c8341661d9463354 /lib/curl_sasl.c | |
| parent | f187372f0a9289bcece892864175e4ec7f032b54 (diff) | |
sasl: Use a dynamic buffer for SPN generation
Updated Curl_sasl_create_digest_md5_message() to use a dynamic buffer
for the SPN generation via the recently introduced Curl_sasl_build_spn()
function rather than a fixed buffer of 128 characters.
Diffstat (limited to 'lib/curl_sasl.c')
| -rw-r--r-- | lib/curl_sasl.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index 75efca3e8..f9482255d 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -441,7 +441,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, char nonceCount[] = "00000001"; char method[] = "AUTHENTICATE"; char qop[] = DIGEST_QOP_VALUE_STRING_AUTH; - char uri[128]; + char *uri = NULL; /* Decode the challange message */ result = sasl_decode_digest_md5_message(chlg64, nonce, sizeof(nonce), @@ -507,12 +507,17 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]); /* Prepare the URL string */ - snprintf(uri, sizeof(uri), "%s/%s", service, realm); + uri = Curl_sasl_build_spn(service, realm); + if(!uri) + return CURLE_OUT_OF_MEMORY; /* Calculate H(A2) */ ctxt = Curl_MD5_init(Curl_DIGEST_MD5); - if(!ctxt) + if(!ctxt) { + Curl_safefree(uri); + return CURLE_OUT_OF_MEMORY; + } Curl_MD5_update(ctxt, (const unsigned char *) method, curlx_uztoui(strlen(method))); @@ -526,8 +531,11 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, /* Now calculate the response hash */ ctxt = Curl_MD5_init(Curl_DIGEST_MD5); - if(!ctxt) + if(!ctxt) { + Curl_safefree(uri); + return CURLE_OUT_OF_MEMORY; + } Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN); Curl_MD5_update(ctxt, (const unsigned char *) ":", 1); @@ -563,7 +571,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, /* Base64 encode the response */ result = Curl_base64_encode(data, response, 0, outptr, outlen); - free(response); + Curl_safefree(response); + Curl_safefree(uri); + return result; } #endif /* USE_WINDOWS_SSPI */ |