diff options
author | Jonathan Nieder <jrnieder@gmail.com> | 2013-08-19 00:36:53 -0700 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2013-08-20 11:16:38 +0200 |
commit | c56f9797e7feb7c2dc93bc389d4b85cc75220d77 (patch) | |
tree | 6f89c8776442b7e73818d910fddf62bd7bb726b6 /lib | |
parent | 9281be36d5206f02336236a7c90020449109816e (diff) |
sasl: allow arbitrarily long username and password
Use appropriately sized buffers on the heap instead of fixed-size
buffers on the stack, to allow for longer usernames and passwords.
Callers never pass anything longer than MAX_CURL_USER_LENGTH (resp.
MAX_CURL_PASSWORD_LENGTH), so no functional change inteded yet.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/curl_sasl.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index fcb001948..924be4bbc 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -94,18 +94,18 @@ CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data, const char *passwdp, char **outptr, size_t *outlen) { - char plainauth[2 * MAX_CURL_USER_LENGTH + MAX_CURL_PASSWORD_LENGTH]; + CURLcode result; + char *plainauth; size_t ulen; size_t plen; ulen = strlen(userp); plen = strlen(passwdp); - if(2 * ulen + plen + 2 > sizeof(plainauth)) { + plainauth = malloc(2 * ulen + plen + 2); + if(!plainauth) { *outlen = 0; *outptr = NULL; - - /* Plainauth too small */ return CURLE_OUT_OF_MEMORY; } @@ -117,8 +117,10 @@ CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data, memcpy(plainauth + 2 * ulen + 2, passwdp, plen); /* Base64 encode the reply */ - return Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr, - outlen); + result = Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr, + outlen); + Curl_safefree(plainauth); + return result; } /* @@ -190,7 +192,7 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data, size_t chlglen = 0; HMAC_context *ctxt; unsigned char digest[MD5_DIGEST_LEN]; - char response[MAX_CURL_USER_LENGTH + 2 * MD5_DIGEST_LEN + 1]; + char *response; /* Decode the challenge if necessary */ if(chlg64len && *chlg64 != '=') { @@ -220,14 +222,19 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data, Curl_HMAC_final(ctxt, digest); /* Prepare the response */ - snprintf(response, sizeof(response), + response = aprintf( "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", userp, digest[0], digest[1], digest[2], digest[3], digest[4], digest[5], digest[6], digest[7], digest[8], digest[9], digest[10], digest[11], digest[12], digest[13], digest[14], digest[15]); + if(!response) + return CURLE_OUT_OF_MEMORY; /* Base64 encode the reply */ - return Curl_base64_encode(data, response, 0, outptr, outlen); + result = Curl_base64_encode(data, response, 0, outptr, outlen); + + Curl_safefree(response); + return result; } /* |