aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/http_ntlm.c21
-rw-r--r--lib/transfer.c48
-rw-r--r--lib/urldata.h3
3 files changed, 43 insertions, 29 deletions
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index af0d960a7..4c2dddbb8 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -204,10 +204,17 @@ static void mkhash(char *password,
unsigned char lmbuffer[21];
unsigned char ntbuffer[21];
- unsigned char pw[256]; /* for maximum 128-letter passwords! */
- int len = strlen(password);
- unsigned char magic[] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
+ unsigned char *pw;
+ static const unsigned char magic[] = {
+ 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25
+ };
int i;
+ int len = strlen(password);
+
+ /* make it fit at least 14 bytes */
+ pw = malloc(len<7?14:len*2);
+ if(!pw)
+ return; /* this will lead to a badly generated package */
if (len > 14)
len = 14;
@@ -249,12 +256,14 @@ static void mkhash(char *password,
MD4_Update(&MD4, pw, 2*len);
MD4_Final(ntbuffer, &MD4);
- memset(ntbuffer+16, 0, 5);
+ memset(ntbuffer+16, 0, 8);
}
/* create responses */
calc_resp(lmbuffer, nonce, lmresp);
calc_resp(ntbuffer, nonce, ntresp);
+
+ free(pw);
}
/* convert an ascii string to upper case unicode, the destination buffer
@@ -399,8 +408,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn)
int lmrespoff;
int ntrespoff;
int useroff;
- unsigned char lmresp[0x18+1];
- unsigned char ntresp[0x18+1];
+ unsigned char lmresp[0x18]; /* fixed-size */
+ unsigned char ntresp[0x18]; /* fixed-size */
int userlen = strlen(data->state.user);
diff --git a/lib/transfer.c b/lib/transfer.c
index a8c4f46de..771ec53c6 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -291,6 +291,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
int hbufp_index;
int rest_length;
int full_length;
+ int writetype;
/* str_start is start of line within buf */
k->str_start = k->str;
@@ -437,13 +438,13 @@ CURLcode Curl_readwrite(struct connectdata *conn,
/* now, only output this if the header AND body are requested:
*/
- k->writetype = CLIENTWRITE_HEADER;
+ writetype = CLIENTWRITE_HEADER;
if (data->set.http_include_header)
- k->writetype |= CLIENTWRITE_BODY;
+ writetype |= CLIENTWRITE_BODY;
headerlen = k->p - data->state.headerbuff;
- result = Curl_client_write(data, k->writetype,
+ result = Curl_client_write(data, writetype,
data->state.headerbuff,
headerlen);
if(result)
@@ -795,8 +796,6 @@ CURLcode Curl_readwrite(struct connectdata *conn,
*ptr = '\0'; /* zero terminate */
conn->newurl = strdup(start); /* clone string */
*ptr = backup; /* restore ending letter */
-
- k->returnbeforebody = TRUE; /* don't wait for contents */
}
}
#if 0 /* for consideration */
@@ -812,16 +811,15 @@ CURLcode Curl_readwrite(struct connectdata *conn,
* End of header-checks. Write them to the client.
*/
- k->writetype = CLIENTWRITE_HEADER;
+ writetype = CLIENTWRITE_HEADER;
if (data->set.http_include_header)
- k->writetype |= CLIENTWRITE_BODY;
+ writetype |= CLIENTWRITE_BODY;
if(data->set.verbose)
Curl_debug(data, CURLINFO_HEADER_IN,
k->p, k->hbuflen);
- result = Curl_client_write(data, k->writetype, k->p,
- k->hbuflen);
+ result = Curl_client_write(data, writetype, k->p, k->hbuflen);
if(result)
return result;
@@ -854,15 +852,22 @@ CURLcode Curl_readwrite(struct connectdata *conn,
write a piece of the body */
if(conn->protocol&PROT_HTTP) {
/* HTTP-only checks */
- if (conn->newurl && k->returnbeforebody) {
- /* abort after the headers if "follow Location" is set */
- infof (data, "Send request to this URL: %s\n", conn->newurl);
- k->keepon &= ~KEEP_READ;
- FD_ZERO(&k->rkeepfd);
- *done = TRUE;
- return CURLE_OK;
+ if (conn->newurl) {
+ if(conn->bits.close) {
+ /* Abort after the headers if "follow Location" is set
+ and we're set to close anyway. */
+ k->keepon &= ~KEEP_READ;
+ FD_ZERO(&k->rkeepfd);
+ *done = TRUE;
+ return CURLE_OK;
+ }
+ /* We have a new url to load, but since we want to be able
+ to re-use this connection properly, we read the full
+ response in "ignore more" */
+ k->ignorebody = TRUE;
+ infof(data, "Ignoring the response-body\n");
}
- else if (conn->resume_from &&
+ if (conn->resume_from &&
!k->content_range &&
(data->set.httpreq==HTTPREQ_GET)) {
/* we wanted to resume a download, although the server
@@ -963,7 +968,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
if(!conn->bits.chunk && (nread || k->badheader)) {
/* If this is chunky transfer, it was already written */
- if(k->badheader) {
+ if(k->badheader && !k->ignorebody) {
/* we parsed a piece of data wrongly assuming it was a header
and now we output it as body instead */
result = Curl_client_write(data, CLIENTWRITE_BODY,
@@ -984,8 +989,9 @@ CURLcode Curl_readwrite(struct connectdata *conn,
Content-Encoding header. See Curl_readwrite_init; the
memset() call initializes k->content_encoding to zero.
08/28/02 jhrg */
- result = Curl_client_write(data, CLIENTWRITE_BODY, k->str,
- nread);
+ if(!k->ignorebody)
+ result = Curl_client_write(data, CLIENTWRITE_BODY, k->str,
+ nread);
#ifdef HAVE_LIBZ
break;
@@ -1266,7 +1272,7 @@ CURLcode Curl_readwrite_init(struct connectdata *conn)
k->maxfd = (conn->sockfd>conn->writesockfd?
conn->sockfd:conn->writesockfd)+1;
k->hbufp = data->state.headerbuff;
- k->returnbeforebody=FALSE;
+ k->ignorebody=FALSE;
Curl_pgrsTime(data, TIMER_PRETRANSFER);
Curl_speedinit(data);
diff --git a/lib/urldata.h b/lib/urldata.h
index c1e597971..c24e1c0dd 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -340,7 +340,6 @@ struct Curl_transfer_keeper {
/* for the low speed checks: */
time_t timeofdoc;
long bodywrites;
- int writetype;
char *buf;
char *uploadbuf;
@@ -360,7 +359,7 @@ struct Curl_transfer_keeper {
bool upload_done; /* set to TRUE when doing chunked transfer-encoding upload
and we're uploading the last chunk */
- bool returnbeforebody; /* if to break transfer after headers */
+ bool ignorebody; /* we read a response-body but we ignore it! */
};
/*