From cd6ecf6a899c49fee6ebd21f5a162d55632d4b85 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Sun, 10 Aug 2014 11:01:27 +0100 Subject: sasl_sspi: Fixed hard coded buffer for response generation Given the SSPI package info query indicates a token size of 4096 bytes, updated to use a dynamic buffer for the response message generation rather than a fixed buffer of 1024 bytes. --- lib/curl_sasl_sspi.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'lib/curl_sasl_sspi.c') diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c index f570332fd..d25aabf97 100644 --- a/lib/curl_sasl_sspi.c +++ b/lib/curl_sasl_sspi.c @@ -118,8 +118,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, CURLcode result = CURLE_OK; TCHAR *spn = NULL; size_t chlglen = 0; + size_t resp_max = 0; unsigned char *chlg = NULL; - unsigned char resp[1024]; + unsigned char *resp = NULL; CredHandle handle; CtxtHandle ctx; PSecPkgInfo SecurityPackage; @@ -155,15 +156,27 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, &SecurityPackage); if(status != SEC_E_OK) { Curl_safefree(chlg); + return CURLE_NOT_BUILT_IN; } + resp_max = SecurityPackage->cbMaxToken; + /* Release the package buffer as it is not required anymore */ s_pSecFn->FreeContextBuffer(SecurityPackage); + /* Allocate our response buffer */ + resp = malloc(resp_max); + if(!resp) { + Curl_safefree(chlg); + + return CURLE_OUT_OF_MEMORY; + } + /* Generate our SPN */ spn = Curl_sasl_build_spn(service, data->easy_conn->host.name); if(!spn) { + Curl_safefree(resp); Curl_safefree(chlg); return CURLE_OUT_OF_MEMORY; @@ -173,6 +186,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, result = Curl_create_sspi_identity(userp, passwdp, &identity); if(result) { Curl_safefree(spn); + Curl_safefree(resp); Curl_safefree(chlg); return result; @@ -188,6 +202,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, if(status != SEC_E_OK) { Curl_sspi_free_identity(&identity); Curl_safefree(spn); + Curl_safefree(resp); Curl_safefree(chlg); return CURLE_OUT_OF_MEMORY; @@ -207,7 +222,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, resp_desc.pBuffers = &resp_buf; resp_buf.BufferType = SECBUFFER_TOKEN; resp_buf.pvBuffer = resp; - resp_buf.cbBuffer = sizeof(resp); + resp_buf.cbBuffer = curlx_uztoul(resp_max); /* Generate our challenge-response message */ status = s_pSecFn->InitializeSecurityContext(&handle, NULL, spn, 0, 0, 0, @@ -221,6 +236,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, s_pSecFn->FreeCredentialsHandle(&handle); Curl_sspi_free_identity(&identity); Curl_safefree(spn); + Curl_safefree(resp); Curl_safefree(chlg); return CURLE_RECV_ERROR; @@ -240,6 +256,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, /* Free the SPN */ Curl_safefree(spn); + /* Free the response buffer */ + Curl_safefree(resp); + /* Free the decoeded challenge message */ Curl_safefree(chlg); -- cgit v1.2.3