cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: PATCH: Curl Sanity patch for spnego authentication

From: Arunav Sanyal <arunav.sanyal91_at_gmail.com>
Date: Thu, 3 Oct 2013 22:34:23 +0530

Hi Daniel

I understand your dilemma. The only case I envisage a crash and burn is a
server returning a gss token to a sent spnego token(I cant fathom which
ridiculous server will be implemented in that manner, though it is a
distant possibility) Furthermore since curl supports application layer
protocols, I dont really see a use case in which only gss is used(spnego is
standard in all http communication_

The problem with having a runtime check is the following:-

if (checkprefix("Negotiate", neg_ctx->protocol)) could be considered a
reasonable runtime check since it occurs earlier as well.

However in the function:-

void Curl_cleanup_negotiate(struct SessionHandle *data)
{
  cleanup(&data->state.negotiate);
  cleanup(&data->state.proxyneg);
}

and the data->state.proxyneg does not contain protocol field(as a matter of
fact, it is a bad pointer). So introducing a check with above condition
will cause it to crash.
I can edit my patch to include runtime checks everywhere except cleanup()
function. Or if someone can help me with a better run time check I will be
most grateful

-- 
Arunav Sanyal
Graduate student
B.E (Hons) Computer Science
BITS Pilani K.K Birla Goa Campus
Software Engineer
INFORMATICA BUSINESS SOLUTIONS

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-10-03