sasl_sspi: Fixed hard coded buffer for response generation

Given the SSPI package info query indicates a token size of 4096 bytes, updated to use a dynamic buffer for the response message generation rather than a fixed buffer of 1024 bytes.
2014-08-10 11:01:27 +01:00 · 2014-08-10 11:01:27 +01:00 · cd6ecf6a89
commit cd6ecf6a89
parent d804ff0d6b
1 changed files with 21 additions and 2 deletions
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@ -118,8 +118,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
  CURLcode result = CURLE_OK;
  TCHAR *spn = NULL;
  size_t chlglen = 0;
+  size_t resp_max = 0;
  unsigned char *chlg = NULL;
-  unsigned char resp[1024];
+  unsigned char *resp = NULL;
  CredHandle handle;
  CtxtHandle ctx;
  PSecPkgInfo SecurityPackage;
@ -155,15 +156,27 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
                                              &SecurityPackage);
  if(status != SEC_E_OK) {
    Curl_safefree(chlg);
+
    return CURLE_NOT_BUILT_IN;
  }

+  resp_max = SecurityPackage->cbMaxToken;
+
  /* Release the package buffer as it is not required anymore */
  s_pSecFn->FreeContextBuffer(SecurityPackage);

+  /* Allocate our response buffer */
+  resp = malloc(resp_max);
+  if(!resp) {
+    Curl_safefree(chlg);
+
+    return CURLE_OUT_OF_MEMORY;
+  }
+
  /* Generate our SPN */
  spn = Curl_sasl_build_spn(service, data->easy_conn->host.name);
  if(!spn) {
+    Curl_safefree(resp);
    Curl_safefree(chlg);

    return CURLE_OUT_OF_MEMORY;
@ -173,6 +186,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
  result = Curl_create_sspi_identity(userp, passwdp, &identity);
  if(result) {
    Curl_safefree(spn);
+    Curl_safefree(resp);
    Curl_safefree(chlg);

    return result;
@ -188,6 +202,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
  if(status != SEC_E_OK) {
    Curl_sspi_free_identity(&identity);
    Curl_safefree(spn);
+    Curl_safefree(resp);
    Curl_safefree(chlg);

    return CURLE_OUT_OF_MEMORY;
@ -207,7 +222,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
  resp_desc.pBuffers  = &resp_buf;
  resp_buf.BufferType = SECBUFFER_TOKEN;
  resp_buf.pvBuffer   = resp;
-  resp_buf.cbBuffer   = sizeof(resp);
+  resp_buf.cbBuffer   = curlx_uztoul(resp_max);

  /* Generate our challenge-response message */
  status = s_pSecFn->InitializeSecurityContext(&handle, NULL, spn, 0, 0, 0,
@ -221,6 +236,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
    s_pSecFn->FreeCredentialsHandle(&handle);
    Curl_sspi_free_identity(&identity);
    Curl_safefree(spn);
+    Curl_safefree(resp);
    Curl_safefree(chlg);

    return CURLE_RECV_ERROR;
@ -240,6 +256,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
  /* Free the SPN */
  Curl_safefree(spn);

+  /* Free the response buffer */
+  Curl_safefree(resp);
+
  /* Free the decoeded challenge message */
  Curl_safefree(chlg);