aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/curl_sasl_sspi.c13
-rw-r--r--lib/urldata.h1
2 files changed, 11 insertions, 3 deletions
diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c
index ec3f2ca8c..45aca8ac4 100644
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@@ -37,6 +37,7 @@
#include "warnless.h"
#include "curl_memory.h"
#include "curl_multibyte.h"
+#include "strdup.h"
#define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h>
@@ -288,14 +289,18 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
CURLcode Curl_sasl_decode_digest_http_message(const char *chlg,
struct digestdata *digest)
{
+ size_t chlglen = strlen(chlg);
+
/* Clean up any former leftovers and initialise to defaults */
Curl_sasl_digest_cleanup(digest);
/* Simply store the challenge for use later */
- digest->input_token = (BYTE *) strdup(chlg);
+ digest->input_token = (BYTE *) Curl_memdup(chlg, chlglen);
if(!digest->input_token)
return CURLE_OUT_OF_MEMORY;
+ digest->input_token_len = chlglen;
+
return CURLE_OK;
}
@@ -392,8 +397,7 @@ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
chlg_desc.pBuffers = chlg_buf;
chlg_buf[0].BufferType = SECBUFFER_TOKEN;
chlg_buf[0].pvBuffer = digest->input_token;
- chlg_buf[0].cbBuffer = curlx_uztoul(strlen((const char *)
- digest->input_token));
+ chlg_buf[0].cbBuffer = curlx_uztoul(digest->input_token_len);
chlg_buf[1].BufferType = SECBUFFER_PKG_PARAMS;
chlg_buf[1].pvBuffer = (void *)request;
chlg_buf[1].cbBuffer = curlx_uztoul(strlen((const char *) request));
@@ -472,6 +476,9 @@ void Curl_sasl_digest_cleanup(struct digestdata *digest)
{
/* Free the input token */
Curl_safefree(digest->input_token);
+
+ /* Reset any variables */
+ digest->input_token_len = 0;
}
#endif /* !CURL_DISABLE_CRYPTO_AUTH */
diff --git a/lib/urldata.h b/lib/urldata.h
index f0f903844..6238f6204 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -393,6 +393,7 @@ struct curl_ssl_session {
struct digestdata {
#if defined(USE_WINDOWS_SSPI)
BYTE *input_token;
+ size_t input_token_len;
#else
char *nonce;
char *cnonce;