From f41deddde879c15350df880b1c8959bb521cd679 Mon Sep 17 00:00:00 2001
From: Steve Holme
Date: Thu, 9 May 2019 00:30:09 +0100
Subject: ntlm: Ensure the HTTP header data is not stored in the challenge/response
---
 lib/curl_ntlm_wb.c | 24 ++++++++++++------------
 lib/urldata.h | 4 ++--
 2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c
index 3c38fee38..3d991b4c5 100644
--- lib/curl_ntlm_wb.c
+++ b/lib/curl_ntlm_wb.c
@@ -108,8 +108,8 @@ static void ntlm_wb_cleanup(struct ntlmdata *ntlm)
 ntlm->ntlm_auth_hlpr_pid = 0;
 }
- Curl_safefree(ntlm->challenge_header);
- Curl_safefree(ntlm->response_header);
+ Curl_safefree(ntlm->challenge);
+ Curl_safefree(ntlm->response);
 }
 static CURLcode ntlm_wb_init(struct connectdata *conn, struct ntlmdata *ntlm,
@@ -325,9 +325,9 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
 (buf[0]!='A' || buf[1]!='F' || buf[2]!=' '))
 goto done;
- ntlm->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3);
+ ntlm->response = aprintf("%.*s", len_out - 4, buf + 3);
 free(buf);
- if(!ntlm->response_header)
+ if(!ntlm->response)
 return CURLE_OUT_OF_MEMORY;
 return CURLE_OK;
 done:
@@ -350,8 +350,8 @@ CURLcode Curl_input_ntlm_wb(struct connectdata *conn,
 header++;
 if(*header) {
- ntlm->challenge_header = strdup(header);
- if(!ntlm->challenge_header)
+ ntlm->challenge = strdup(header);
+ if(!ntlm->challenge)
 return CURLE_OUT_OF_MEMORY;
 *state = NTLMSTATE_TYPE2; /* We got a type-2 message */
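Review bot: The precision argument in `ntlm->response = aprintf("%.*s", len_out - 4, buf + 3);` relies on `len_out` being at least 4 and on the expression being an `int`, and neither the declaration nor a lower-bound check is visible in this hunk (ntlm_wb_response starts and ends outside it). The visible tests only inspect `buf[0]` to `buf[2]`, so if the guard sits above them, a short comment would tie the two together, for example `/* skip the 3-byte tag checked above; len_out >= 4 is guaranteed by the earlier length test */`. If `len_out` turns out to be an unsigned size type, writing `(int)(len_out - 4)` keeps the variadic argument matched to what `*` consumes.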
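Review bot: `ntlm->challenge = strdup(header);` stores whatever follows the scheme token without checking that it is base64, although the new field comment in lib/urldata.h describes it as the base64 type-2 message and the TYPE2 branch of Curl_output_ntlm_wb later formats it into the helper's line protocol with `aprintf("TT %s\n", ntlm->challenge)`. Because the value originates from the peer, rejecting anything outside the base64 alphabet here, or confirming that the caller already strips control characters and trailing whitespace, would keep the helper input to one well-formed line. The assignment also overwrites any earlier pointer, so if a second challenge can arrive on the same ntlmdata, `Curl_safefree(ntlm->challenge);` before the `strdup` would avoid a leak. Curl_input_ntlm_wb continues outside the hunk, so either guarantee may already exist elsewhere.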
@@ -443,17 +443,17 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
 return res;
 free(*allocuserpwd);
- *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
+ *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
 proxy ? "Proxy-" : "",
- ntlm->response_header);
+ ntlm->response);
 DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
- Curl_safefree(ntlm->response_header);
+ Curl_safefree(ntlm->response);
 if(!*allocuserpwd)
 return CURLE_OUT_OF_MEMORY;
 break;
 case NTLMSTATE_TYPE2: {
- char *input = aprintf("TT %s\n", ntlm->challenge_header);
+ char *input = aprintf("TT %s\n", ntlm->challenge);
 if(!input)
 return CURLE_OUT_OF_MEMORY;
 res = ntlm_wb_response(conn, ntlm, input, *state);
@@ -462,9 +462,9 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
 return res;
 free(*allocuserpwd);
- *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
+ *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
 proxy ? "Proxy-" : "",
- ntlm->response_header);
+ ntlm->response);
 DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
 *state = NTLMSTATE_TYPE3; /* we sent a type-3 */
 authp->done = TRUE;
diff --git a/lib/urldata.h b/lib/urldata.h
index 239f65ec7..e2afc6406 100644
--- lib/urldata.h
+++ b/lib/urldata.h
@@ -372,8 +372,8 @@ struct ntlmdata {
 /* used for communication with Samba's winbind daemon helper ntlm_auth */
 curl_socket_t ntlm_auth_hlpr_socket;
 pid_t ntlm_auth_hlpr_pid;
- char *challenge_header;
- char *response_header;
+ char *challenge; /* The received base64 encoded ntlm type-2 message */
+ char *response; /* The generated base64 ntlm type-1/type-3 message */
 #endif
 #endif
 };
-- cgit v1.2.3
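Review bot: In the first Curl_output_ntlm_wb hunk (@@ -443,17), `DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));` runs before the `if(!*allocuserpwd)` test two lines below it, so wherever DEBUG_OUT expands to its argument a failed `aprintf` passes a NULL pointer to `%s`. Ordering the lines as `Curl_safefree(ntlm->response);`, then `if(!*allocuserpwd) return CURLE_OUT_OF_MEMORY;`, then the DEBUG_OUT call avoids that. The TYPE2 branch in the following hunk (@@ -462,9) has the same DEBUG_OUT directly after its `aprintf`, and its NULL check is not visible there. Both trace lines also write the complete Authorization or Proxy-Authorization value, including the NTLM message, to stderr, so a comment marking them as unsuitable for runs against real accounts (or dropping the header value from the trace) would be worth adding.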