diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index af0d960a7..4c2dddbb8 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -204,10 +204,17 @@ static void mkhash(char *password, unsigned char lmbuffer[21]; unsigned char ntbuffer[21]; - unsigned char pw[256]; /* for maximum 128-letter passwords! */ - int len = strlen(password); - unsigned char magic[] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; + unsigned char *pw; + static const unsigned char magic[] = { + 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 + }; int i; + int len = strlen(password); + + /* make it fit at least 14 bytes */ + pw = malloc(len<7?14:len*2); + if(!pw) + return; /* this will lead to a badly generated package */ if (len > 14) len = 14; @@ -249,12 +256,14 @@ static void mkhash(char *password, MD4_Update(&MD4, pw, 2*len); MD4_Final(ntbuffer, &MD4); - memset(ntbuffer+16, 0, 5); + memset(ntbuffer+16, 0, 8); } /* create responses */ calc_resp(lmbuffer, nonce, lmresp); calc_resp(ntbuffer, nonce, ntresp); + + free(pw); } /* convert an ascii string to upper case unicode, the destination buffer @@ -399,8 +408,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn) int lmrespoff; int ntrespoff; int useroff; - unsigned char lmresp[0x18+1]; - unsigned char ntresp[0x18+1]; + unsigned char lmresp[0x18]; /* fixed-size */ + unsigned char ntresp[0x18]; /* fixed-size */ int userlen = strlen(data->state.user); diff --git a/lib/transfer.c b/lib/transfer.c index a8c4f46de..771ec53c6 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -291,6 +291,7 @@ CURLcode Curl_readwrite(struct connectdata *conn, int hbufp_index; int rest_length; int full_length; + int writetype; /* str_start is start of line within buf */ k->str_start = k->str; @@ -437,13 +438,13 @@ CURLcode Curl_readwrite(struct connectdata *conn, /* now, only output this if the header AND body are requested: */ - k->writetype = CLIENTWRITE_HEADER; + writetype = CLIENTWRITE_HEADER; if (data->set.http_include_header) - k->writetype |= CLIENTWRITE_BODY; + writetype |= CLIENTWRITE_BODY; headerlen = k->p - data->state.headerbuff; - result = Curl_client_write(data, k->writetype, + result = Curl_client_write(data, writetype, data->state.headerbuff, headerlen); if(result) @@ -795,8 +796,6 @@ CURLcode Curl_readwrite(struct connectdata *conn, *ptr = '\0'; /* zero terminate */ conn->newurl = strdup(start); /* clone string */ *ptr = backup; /* restore ending letter */ - - k->returnbeforebody = TRUE; /* don't wait for contents */ } } #if 0 /* for consideration */ @@ -812,16 +811,15 @@ CURLcode Curl_readwrite(struct connectdata *conn, * End of header-checks. Write them to the client. */ - k->writetype = CLIENTWRITE_HEADER; + writetype = CLIENTWRITE_HEADER; if (data->set.http_include_header) - k->writetype |= CLIENTWRITE_BODY; + writetype |= CLIENTWRITE_BODY; if(data->set.verbose) Curl_debug(data, CURLINFO_HEADER_IN, k->p, k->hbuflen); - result = Curl_client_write(data, k->writetype, k->p, - k->hbuflen); + result = Curl_client_write(data, writetype, k->p, k->hbuflen); if(result) return result; @@ -854,15 +852,22 @@ CURLcode Curl_readwrite(struct connectdata *conn, write a piece of the body */ if(conn->protocol&PROT_HTTP) { /* HTTP-only checks */ - if (conn->newurl && k->returnbeforebody) { - /* abort after the headers if "follow Location" is set */ - infof (data, "Send request to this URL: %s\n", conn->newurl); - k->keepon &= ~KEEP_READ; - FD_ZERO(&k->rkeepfd); - *done = TRUE; - return CURLE_OK; + if (conn->newurl) { + if(conn->bits.close) { + /* Abort after the headers if "follow Location" is set + and we're set to close anyway. */ + k->keepon &= ~KEEP_READ; + FD_ZERO(&k->rkeepfd); + *done = TRUE; + return CURLE_OK; + } + /* We have a new url to load, but since we want to be able + to re-use this connection properly, we read the full + response in "ignore more" */ + k->ignorebody = TRUE; + infof(data, "Ignoring the response-body\n"); } - else if (conn->resume_from && + if (conn->resume_from && !k->content_range && (data->set.httpreq==HTTPREQ_GET)) { /* we wanted to resume a download, although the server @@ -963,7 +968,7 @@ CURLcode Curl_readwrite(struct connectdata *conn, if(!conn->bits.chunk && (nread || k->badheader)) { /* If this is chunky transfer, it was already written */ - if(k->badheader) { + if(k->badheader && !k->ignorebody) { /* we parsed a piece of data wrongly assuming it was a header and now we output it as body instead */ result = Curl_client_write(data, CLIENTWRITE_BODY, @@ -984,8 +989,9 @@ CURLcode Curl_readwrite(struct connectdata *conn, Content-Encoding header. See Curl_readwrite_init; the memset() call initializes k->content_encoding to zero. 08/28/02 jhrg */ - result = Curl_client_write(data, CLIENTWRITE_BODY, k->str, - nread); + if(!k->ignorebody) + result = Curl_client_write(data, CLIENTWRITE_BODY, k->str, + nread); #ifdef HAVE_LIBZ break; @@ -1266,7 +1272,7 @@ CURLcode Curl_readwrite_init(struct connectdata *conn) k->maxfd = (conn->sockfd>conn->writesockfd? conn->sockfd:conn->writesockfd)+1; k->hbufp = data->state.headerbuff; - k->returnbeforebody=FALSE; + k->ignorebody=FALSE; Curl_pgrsTime(data, TIMER_PRETRANSFER); Curl_speedinit(data); diff --git a/lib/urldata.h b/lib/urldata.h index c1e597971..c24e1c0dd 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -340,7 +340,6 @@ struct Curl_transfer_keeper { /* for the low speed checks: */ time_t timeofdoc; long bodywrites; - int writetype; char *buf; char *uploadbuf; @@ -360,7 +359,7 @@ struct Curl_transfer_keeper { bool upload_done; /* set to TRUE when doing chunked transfer-encoding upload and we're uploading the last chunk */ - bool returnbeforebody; /* if to break transfer after headers */ + bool ignorebody; /* we read a response-body but we ignore it! */ }; /*