diff options
| -rw-r--r-- | lib/curl_schannel.c | 38 | ||||
| -rw-r--r-- | lib/curl_schannel.h | 7 |
2 files changed, 34 insertions, 11 deletions
diff --git a/lib/curl_schannel.c b/lib/curl_schannel.c index c7d0468fd..dc8b21ebd 100644 --- a/lib/curl_schannel.c +++ b/lib/curl_schannel.c @@ -309,13 +309,18 @@ schannel_connect_step2(struct connectdata *conn, int sockindex) } /* if we need a bigger buffer to read a full message, increase buffer now */ - if(connssl->encdata_offset == connssl->encdata_length) { - if(connssl->encdata_length >= CURL_SCHANNEL_BUFFER_INIT_SIZE * 16) + if(connssl->encdata_length - connssl->encdata_offset < + CURL_SCHANNEL_BUFFER_FREE_SIZE) { + if(connssl->encdata_length >= CURL_SCHANNEL_BUFFER_MAX_SIZE) { + failf(data, "schannel: memory buffer size limit reached"); return CURLE_OUT_OF_MEMORY; + } + /* increase internal encrypted data buffer */ - connssl->encdata_length *= 2; + connssl->encdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR; connssl->encdata_buffer = realloc(connssl->encdata_buffer, connssl->encdata_length); + if(connssl->encdata_buffer == NULL) { failf(data, "schannel: unable to re-allocate memory"); return CURLE_OUT_OF_MEMORY; @@ -826,17 +831,25 @@ schannel_recv(struct connectdata *conn, int sockindex, connssl->decdata_buffer = malloc(connssl->decdata_length); if(connssl->decdata_buffer == NULL) { failf(data, "schannel: unable to allocate memory"); - return CURLE_OUT_OF_MEMORY; + *err = CURLE_OUT_OF_MEMORY; + return -1; } } /* increase buffer in order to fit the requested amount of data */ while(connssl->encdata_length - connssl->encdata_offset < - CURL_SCHANNEL_BUFFER_STEP_SIZE || connssl->encdata_length < len) { + CURL_SCHANNEL_BUFFER_FREE_SIZE || connssl->encdata_length < len) { + if(connssl->encdata_length >= CURL_SCHANNEL_BUFFER_MAX_SIZE) { + failf(data, "schannel: memory buffer size limit reached"); + *err = CURLE_OUT_OF_MEMORY; + return -1; + } + /* increase internal encrypted data buffer */ - connssl->encdata_length += CURL_SCHANNEL_BUFFER_STEP_SIZE; + connssl->encdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR; connssl->encdata_buffer = realloc(connssl->encdata_buffer, connssl->encdata_length); + if(connssl->encdata_buffer == NULL) { failf(data, "schannel: unable to re-allocate memory"); *err = CURLE_OUT_OF_MEMORY; @@ -901,14 +914,21 @@ schannel_recv(struct connectdata *conn, int sockindex, inbuf[1].cbBuffer); /* increase buffer in order to fit the received amount of data */ - size = inbuf[1].cbBuffer > CURL_SCHANNEL_BUFFER_STEP_SIZE ? - inbuf[1].cbBuffer : CURL_SCHANNEL_BUFFER_STEP_SIZE; + size = inbuf[1].cbBuffer > CURL_SCHANNEL_BUFFER_FREE_SIZE ? + inbuf[1].cbBuffer : CURL_SCHANNEL_BUFFER_FREE_SIZE; while(connssl->decdata_length - connssl->decdata_offset < size || connssl->decdata_length < len) { + if(connssl->decdata_length >= CURL_SCHANNEL_BUFFER_MAX_SIZE) { + failf(data, "schannel: memory buffer size limit reached"); + *err = CURLE_OUT_OF_MEMORY; + return -1; + } + /* increase internal decrypted data buffer */ - connssl->decdata_length += size; + connssl->decdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR; connssl->decdata_buffer = realloc(connssl->decdata_buffer, connssl->decdata_length); + if(connssl->decdata_buffer == NULL) { failf(data, "schannel: unable to re-allocate memory"); *err = CURLE_OUT_OF_MEMORY; diff --git a/lib/curl_schannel.h b/lib/curl_schannel.h index 7cdd2d142..4f48f16e6 100644 --- a/lib/curl_schannel.h +++ b/lib/curl_schannel.h @@ -95,12 +95,15 @@ #ifdef BUFSIZE #define CURL_SCHANNEL_BUFFER_INIT_SIZE BUFSIZE -#define CURL_SCHANNEL_BUFFER_STEP_SIZE BUFSIZE/2 +#define CURL_SCHANNEL_BUFFER_FREE_SIZE BUFSIZE/2 #else #define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096 -#define CURL_SCHANNEL_BUFFER_STEP_SIZE 2048 +#define CURL_SCHANNEL_BUFFER_FREE_SIZE 2048 #endif +#define CURL_SCHANNEL_BUFFER_MAX_SIZE CURL_SCHANNEL_BUFFER_INIT_SIZE*16 +#define CURL_SCHANNEL_BUFFER_STEP_FACTOR 2 + CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex); |