From 9008f3d5646f1f32cfe5f06e5e03f56f867a5b04 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Fri, 11 Jul 2014 10:27:18 +0100
Subject: ntlm_wb: Fix hard-coded limit on NTLM auth packet size

Bumping it to 1KiB in commit aaaf9e50ec is all very well, but having hit a hard limit once let's just make it cope by reallocating as necessary.
---
 lib/curl_ntlm_wb.c | 39 +++++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 14 deletions(-)
(limited to 'lib')
diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c
index 57f714205..e47b88afb 100644
--- a/lib/curl_ntlm_wb.c
+++ b/lib/curl_ntlm_wb.c
@@ -227,11 +227,11 @@ done:
 static CURLcode ntlm_wb_response(struct connectdata *conn,
 const char *input, curlntlm state)
 {
- ssize_t size;
- char buf[NTLM_BUFSIZE];
- char *tmpbuf = buf;
- size_t len_in = strlen(input);
- size_t len_out = sizeof(buf);
+ char *buf = malloc(NTLM_BUFSIZE);
+ size_t len_in = strlen(input), len_out = 0;
+
+ if(!buf)
+ return CURLE_OUT_OF_MEMORY;

 while(len_in > 0) {
 ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in);
@@ -246,8 +246,11 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
 len_in -= written;
 }
 /* Read one line */
- while(len_out > 0) {
- size = sread(conn->ntlm_auth_hlpr_socket, tmpbuf, len_out);
+ while(1) {
+ ssize_t size;
+ char *newbuf;
+
+ size = sread(conn->ntlm_auth_hlpr_socket, buf + len_out, NTLM_BUFSIZE);
 if(size == -1) {
 if(errno == EINTR)
 continue;
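Review bot: The read loop no longer has an upper bound: `while(1)` replaces `while(len_out > 0)`, so a helper that keeps sending bytes without a trailing newline makes `buf` grow until realloc fails. The data arrives from a separate process over `conn->ntlm_auth_hlpr_socket` and is not otherwise validated here, so I would keep an explicit ceiling and fail through `done`, e.g. `if(len_out > NTLM_WB_MAX_RESPONSE) goto done;` right after the length is updated (`NTLM_WB_MAX_RESPONSE` is a placeholder name, not something defined on this page). The loop body continues in the next hunk, where the realloc sits.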
@@ -255,22 +258,28 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
 }
 else if(size == 0)
 goto done;
- else if(tmpbuf[size - 1] == '\n') {
- tmpbuf[size - 1] = '\0';
+
+ len_out += size;
+ if(buf[len_out - 1] == '\n') {
+ buf[len_out - 1] = '\0';
 goto wrfinish;
 }
- tmpbuf += size;
- len_out -= size;
+ newbuf = realloc(buf, len_out + NTLM_BUFSIZE);
+ if(!newbuf) {
+ free(buf);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ buf = newbuf;
 }
 goto done;
 wrfinish:
 /* Samba/winbind installed but not configured */
 if(state == NTLMSTATE_TYPE1 &&
- size == 3 &&
+ len_out == 3 &&
 buf[0] == 'P' && buf[1] == 'W')
 return CURLE_REMOTE_ACCESS_DENIED;
 /* invalid response */
- if(size < 4)
+ if(len_out < 4)
 goto done;
 if(state == NTLMSTATE_TYPE1 &&
 (buf[0]!='Y' || buf[1]!='R' || buf[2]!=' '))
@@ -280,9 +289,11 @@ wrfinish:
 (buf[0]!='A' || buf[1]!='F' || buf[2]!=' '))
 goto done;

- conn->response_header = aprintf("NTLM %.*s", size - 4, buf + 3);
+ conn->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3);
+ free(buf);
 return CURLE_OK;
 done:
+ free(buf);
 return CURLE_REMOTE_ACCESS_DENIED;
 }
-- cgit v1.2.3
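Review bot: The context line `return CURLE_REMOTE_ACCESS_DENIED;` under the "Samba/winbind installed but not configured" check now leaks `buf`, because `buf` is heap memory after this change and that path neither frees it nor goes through `done`. Changing it to `goto done;` keeps the same return code, since `done` frees `buf` and returns CURLE_REMOTE_ACCESS_DENIED. It would also help to state the invariant the loop relies on, for instance `/* keep NTLM_BUFSIZE bytes free past len_out for the next sread */` above the `newbuf = realloc(...)` line.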
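Review bot: `len_out - 4` is a size_t, but the `*` precision in `%.*s` is read as an int, so where size_t is wider than int the variadic argument is mismatched. The old `size - 4` (ssize_t) had the same mismatch, but since the line is rewritten here a cast makes it well defined: `aprintf("NTLM %.*s", (int)(len_out - 4), buf + 3);`, which is only safe while the response length is known to fit an int. The result of aprintf is also stored without a check before returning CURLE_OK; if it can fail on allocation, `if(!conn->response_header) return CURLE_OUT_OF_MEMORY;` after the `free(buf);` would cover that.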