cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: [PATCH 1/2 v2] ntlm_wb: Fix hard-coded limit on NTLM auth packet size

From: Steve Holme <steve_holme_at_hotmail.com>
Date: Sat, 12 Jul 2014 15:45:19 +0100

On Sat, 12 Jul 2014, David Woodhouse wrote:

> I'm not entirely averse to a fixed-size buffer which is "big enough".
> But it's good practice to be able to realloc and continue, and a single
> malloc/free of 1KiB instead of using the stack shouldn't hurt us.

I agree - my concerns are:

* A buffer size of 1024 may be enough so is there any point in having realloc code?
* If 1024 isn't sufficient then I think we should address not only the Winbind code but also our native implementation

I must admit I don't know what the maximum length of an NTLM packet (Type 1, 2 or 3 message) can be off the top of my head and a quick scan of Eric Glass' NTLM spec didn't help answer the question either :(

As we have a pending release this week I have pushed a very quick fix to use the NTLM_BUFSIZE constant instead of hardcoding it to 200.

Kind Regards

Steve

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-12

This message: [ Message body ]
Next message: David Woodhouse: "Re: [PATCH] SF bug #1302: HTTP Auth Negotiate sends Kerberos token instead of SPNEGO token"
Previous message: David Woodhouse: "[PATCH 2/2 v2] ntlm_wb: Avoid invoking ntlm_auth helper with empty username"
In reply to: David Woodhouse: "[PATCH 1/2 v2] ntlm_wb: Fix hard-coded limit on NTLM auth packet size"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]