curl-library
[PATCH 1/2 v2] ntlm_wb: Fix hard-coded limit on NTLM auth packet size
From: David Woodhouse <dwmw2_at_infradead.org>
Date: Sat, 12 Jul 2014 01:22:13 +0100
200 bytes is not enough; I currently see 516 bytes for an NTLMv2 session
auth with target_info included. I can't bring myself just to take the easy
option and increase the buffer size. Instead, make it reallocate as needed
instead of having a hard limit.
---
v2:
- Use NTLM_BUFSIZE from curl_ntlm_msgs.h for the buffer chunk
- Don't put space between if(
I'm not entirely averse to a fixed-size buffer which is "big enough".
But it's good practice to be able to realloc and continue, and a single
malloc/free of 1KiB instead of using the stack shouldn't hurt us.
lib/curl_ntlm_wb.c | 39 ++++++++++++++++++++++++++-------------
1 file changed, 26 insertions(+), 13 deletions(-)
diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c
index 0a221e0..b22d8ad 100644
--- a/lib/curl_ntlm_wb.c
+++ b/lib/curl_ntlm_wb.c
@@ -43,6 +43,7 @@
#include "urldata.h"
#include "sendf.h"
#include "select.h"
+#include "curl_ntlm_msgs.h"
#include "curl_ntlm_wb.h"
#include "url.h"
#include "strerror.h"
@@ -226,10 +227,11 @@ done:
static CURLcode ntlm_wb_response(struct connectdata *conn,
const char *input, curlntlm state)
{
- ssize_t size;
- char buf[200]; /* enough, type 1, 3 message length is less then 200 */
- char *tmpbuf = buf;
- size_t len_in = strlen(input), len_out = sizeof(buf);
+ char *buf = malloc(NTLM_BUFSIZE);
+ size_t len_in = strlen(input), len_out = 0;
+
+ if(!buf)
+ return CURLE_OUT_OF_MEMORY;
while(len_in > 0) {
ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in);
@@ -244,8 +246,11 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
len_in -= written;
}
/* Read one line */
- while(len_out > 0) {
- size = sread(conn->ntlm_auth_hlpr_socket, tmpbuf, len_out);
+ while(1) {
+ ssize_t size;
+ char *newbuf;
+
+ size = sread(conn->ntlm_auth_hlpr_socket, buf + len_out, NTLM_BUFSIZE);
if(size == -1) {
if(errno == EINTR)
continue;
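Review bot: The new `while(1)` read loop has no upper bound on how much data it accumulates. The old `len_out > 0` condition was the only limit, so a helper that keeps writing without ever sending a newline now makes the buffer grow through the `realloc` in the next hunk until allocation fails. Keep the reallocation but add a cap before growing, for example `if(len_out > NTLM_WB_MAX_RESPONSE) goto done;`, where `NTLM_WB_MAX_RESPONSE` is a placeholder name for a new constant set comfortably above the 516 bytes quoted in the description. The loop body starts in this hunk and ends in the next one.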
@@ -253,22 +258,28 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
}
else if(size == 0)
goto done;
- else if(tmpbuf[size - 1] == '\n') {
- tmpbuf[size - 1] = '\0';
+
+ len_out += size;
+ if(buf[len_out - 1] == '\n') {
+ buf[len_out - 1] = '\0';
goto wrfinish;
}
- tmpbuf += size;
- len_out -= size;
+ newbuf = realloc(buf, len_out + NTLM_BUFSIZE);
+ if(!newbuf) {
+ free(buf);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ buf = newbuf;
}
goto done;
wrfinish:
/* Samba/winbind installed but not configured */
if(state == NTLMSTATE_TYPE1 &&
- size == 3 &&
+ len_out == 3 &&
buf[0] == 'P' && buf[1] == 'W')
return CURLE_REMOTE_ACCESS_DENIED;
/* invalid response */
- if(size < 4)
+ if(len_out < 4)
goto done;
if(state == NTLMSTATE_TYPE1 &&
(buf[0]!='Y' || buf[1]!='R' || buf[2]!=' '))
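Review bot: The early `return CURLE_REMOTE_ACCESS_DENIED;` under the `PW` check in `wrfinish` leaks `buf` now that the buffer comes from `malloc`. Every other visible exit either frees it directly or goes through `done`. Since `done` (patched in the next hunk) frees `buf` and returns the same code, change that line to `goto done;`. The exits in the lines elided between hunks (the `swrite` failure path and the `sread` error branch) are not visible here and should be checked for the same problem.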
@@ -278,9 +289,11 @@ wrfinish:
(buf[0]!='A' || buf[1]!='F' || buf[2]!=' '))
goto done;
- conn->response_header = aprintf("NTLM %.*s", size - 4, buf + 3);
+ conn->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3);
+ free(buf);
return CURLE_OK;
done:
+ free(buf);
return CURLE_REMOTE_ACCESS_DENIED;
}
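Review bot: In the `aprintf("NTLM %.*s", len_out - 4, buf + 3)` call, the `*` precision must be an `int`, but `len_out` is now a `size_t`. Passing it through varargs is undefined behaviour where `size_t` is wider than `int`. Cast it explicitly, `aprintf("NTLM %.*s", (int)(len_out - 4), buf + 3)`, which is safe provided the response length is bounded to fit in an `int`. The result of `aprintf` is also never checked, so an allocation failure returns `CURLE_OK` with a NULL `response_header`. Adding `if(!conn->response_header) return CURLE_OUT_OF_MEMORY;` after the `free(buf);` closes that.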
--
1.9.3
--
dwmw2