From aaaf9e50ec8aec5144bcb5204b6ea80ec13384a6 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Sat, 12 Jul 2014 14:56:47 +0100 Subject: ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html Reported-by: David Woodhouse --- lib/curl_ntlm_wb.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c index 0a221e069..57f714205 100644 --- a/lib/curl_ntlm_wb.c +++ b/lib/curl_ntlm_wb.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -43,6 +43,7 @@ #include "urldata.h" #include "sendf.h" #include "select.h" +#include "curl_ntlm_msgs.h" #include "curl_ntlm_wb.h" #include "url.h" #include "strerror.h" @@ -227,9 +228,10 @@ static CURLcode ntlm_wb_response(struct connectdata *conn, const char *input, curlntlm state) { ssize_t size; - char buf[200]; /* enough, type 1, 3 message length is less then 200 */ + char buf[NTLM_BUFSIZE]; char *tmpbuf = buf; - size_t len_in = strlen(input), len_out = sizeof(buf); + size_t len_in = strlen(input); + size_t len_out = sizeof(buf); while(len_in > 0) { ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in); -- cgit v1.2.3