mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-11-27 05:50:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

sasl: allow arbitrarily long username and password

Browse Source 
Use appropriately sized buffers on the heap instead of fixed-size
buffers on the stack, to allow for longer usernames and passwords.

Callers never pass anything longer than MAX_CURL_USER_LENGTH (resp.
MAX_CURL_PASSWORD_LENGTH), so no functional change inteded yet.
This commit is contained in:
Jonathan Nieder 2013-08-19 00:36:53 -07:00 committed by Daniel Stenberg
parent 9281be36d5
commit c56f9797e7
1 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
lib/curl_sasl.c
View File

@ -94,18 +94,18 @@ CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
const char *passwdp,
char **outptr, size_t *outlen)
{
char plainauth[2 * MAX_CURL_USER_LENGTH + MAX_CURL_PASSWORD_LENGTH];
CURLcode result;
char *plainauth;
size_t ulen;
size_t plen;
ulen = strlen(userp);
plen = strlen(passwdp);
if(2 * ulen + plen + 2 > sizeof(plainauth)) {
plainauth = malloc(2 * ulen + plen + 2);
if(!plainauth) {
*outlen = 0;
*outptr = NULL;
/* Plainauth too small */
return CURLE_OUT_OF_MEMORY;
}
@ -117,8 +117,10 @@ CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
/* Base64 encode the reply */
return Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr,
outlen);
result = Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr,
outlen);
Curl_safefree(plainauth);
return result;
}
/*
@ -190,7 +192,7 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
size_t chlglen = 0;
HMAC_context *ctxt;
unsigned char digest[MD5_DIGEST_LEN];
char response[MAX_CURL_USER_LENGTH + 2 * MD5_DIGEST_LEN + 1];
char *response;
/* Decode the challenge if necessary */
if(chlg64len && *chlg64 != '=') {
@ -220,14 +222,19 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
Curl_HMAC_final(ctxt, digest);
/* Prepare the response */
snprintf(response, sizeof(response),
response = aprintf(
"%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
userp, digest[0], digest[1], digest[2], digest[3], digest[4],
digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
digest[11], digest[12], digest[13], digest[14], digest[15]);
if(!response)
return CURLE_OUT_OF_MEMORY;
/* Base64 encode the reply */
return Curl_base64_encode(data, response, 0, outptr, outlen);
result = Curl_base64_encode(data, response, 0, outptr, outlen);
Curl_safefree(response);
return result;
}
/*