curl-library
Re: [PATCH 1/2] ntlm_wb: Fix hard-coded limit on NTLM auth packet size
Date: Fri, 11 Jul 2014 23:18:58 +0200
Am 2014-07-11 23:05, schrieb Steve Holme:
> On Fri, 11 Jul 2014, Steve Holme wrote:
>
>> 200 bytes is not enough; I currently see 516 bytes for an NTLMv2
>> session auth with target_info included. I can't bring myself just to
>> take the easy option and increase the buffer size. Instead, make it
>> reallocate as needed instead of having a hard limit.
>
> We currently use NTLM_BUFSIZE (as defined in curl_ntlm_msg.h) for the native
> implementation - I'm not necessarily saying this is good practise but at
> least it would be consistent and nice and quick (both in terms of a fix and
> in performance) ;-)
>
> I have quickly reviewed your patch and there are a few lines that don't
> follow the curl coding standards - which I can fix up before I push.
>
> However, I would be interested to hear other user's views on a hardcoded
> buffer size versus having to read the input and reallocate the buffer if it
> isn't long enough first.
If a static size is enough for most cases, this is fine but I do not
think that it makes sense to use something like char *buf = char[SIZE]
and then realizing at runtime that this is not enough and then resort to
malloc along with a memset. I like David's approach: char *buf =
malloc(SIZE) and then realloc if needed. Yes -- a malloc requires a free
but that should not be a problem.
WDYT?
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-11