From c56f9797e7feb7c2dc93bc389d4b85cc75220d77 Mon Sep 17 00:00:00 2001 From: Jonathan Nieder Date: Mon, 19 Aug 2013 00:36:53 -0700 Subject: sasl: allow arbitrarily long username and password Use appropriately sized buffers on the heap instead of fixed-size buffers on the stack, to allow for longer usernames and passwords. Callers never pass anything longer than MAX_CURL_USER_LENGTH (resp. MAX_CURL_PASSWORD_LENGTH), so no functional change inteded yet. --- lib/curl_sasl.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index fcb001948..924be4bbc 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -94,18 +94,18 @@ CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data, const char *passwdp, char **outptr, size_t *outlen) { - char plainauth[2 * MAX_CURL_USER_LENGTH + MAX_CURL_PASSWORD_LENGTH]; + CURLcode result; + char *plainauth; size_t ulen; size_t plen; ulen = strlen(userp); plen = strlen(passwdp); - if(2 * ulen + plen + 2 > sizeof(plainauth)) { + plainauth = malloc(2 * ulen + plen + 2); + if(!plainauth) { *outlen = 0; *outptr = NULL; - - /* Plainauth too small */ return CURLE_OUT_OF_MEMORY; } @@ -117,8 +117,10 @@ CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data, memcpy(plainauth + 2 * ulen + 2, passwdp, plen); /* Base64 encode the reply */ - return Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr, - outlen); + result = Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr, + outlen); + Curl_safefree(plainauth); + return result; } /* @@ -190,7 +192,7 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data, size_t chlglen = 0; HMAC_context *ctxt; unsigned char digest[MD5_DIGEST_LEN]; - char response[MAX_CURL_USER_LENGTH + 2 * MD5_DIGEST_LEN + 1]; + char *response; /* Decode the challenge if necessary */ if(chlg64len && *chlg64 != '=') { @@ -220,14 +222,19 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data, Curl_HMAC_final(ctxt, digest); /* Prepare the response */ - snprintf(response, sizeof(response), + response = aprintf( "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", userp, digest[0], digest[1], digest[2], digest[3], digest[4], digest[5], digest[6], digest[7], digest[8], digest[9], digest[10], digest[11], digest[12], digest[13], digest[14], digest[15]); + if(!response) + return CURLE_OUT_OF_MEMORY; /* Base64 encode the reply */ - return Curl_base64_encode(data, response, 0, outptr, outlen); + result = Curl_base64_encode(data, response, 0, outptr, outlen); + + Curl_safefree(response); + return result; } /* -- cgit v1.2.3