[gnurl] 81/282: ntlm: Ensure the HTTP header data is not stored in the c
From: |
gnunet |
Subject: |
[gnurl] 81/282: ntlm: Ensure the HTTP header data is not stored in the challenge/response |
Date: |
Wed, 01 Apr 2020 14:29:06 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit f41deddde879c15350df880b1c8959bb521cd679
Author: Steve Holme <address@hidden>
AuthorDate: Thu May 9 00:30:09 2019 +0100
ntlm: Ensure the HTTP header data is not stored in the challenge/response
---
lib/curl_ntlm_wb.c | 24 ++++++++++++------------
lib/urldata.h | 4 ++--
2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c
index 3c38fee38..3d991b4c5 100644
--- a/lib/curl_ntlm_wb.c
+++ b/lib/curl_ntlm_wb.c
@@ -108,8 +108,8 @@ static void ntlm_wb_cleanup(struct ntlmdata *ntlm)
ntlm->ntlm_auth_hlpr_pid = 0;
}
- Curl_safefree(ntlm->challenge_header);
- Curl_safefree(ntlm->response_header);
+ Curl_safefree(ntlm->challenge);
+ Curl_safefree(ntlm->response);
}
static CURLcode ntlm_wb_init(struct connectdata *conn, struct ntlmdata *ntlm,
@@ -325,9 +325,9 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
(buf[0]!='A' || buf[1]!='F' || buf[2]!=' '))
goto done;
- ntlm->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3);
+ ntlm->response = aprintf("%.*s", len_out - 4, buf + 3);
free(buf);
- if(!ntlm->response_header)
+ if(!ntlm->response)
return CURLE_OUT_OF_MEMORY;
return CURLE_OK;
done:
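Review bot: In `ntlm->response = aprintf("%.*s", len_out - 4, buf + 3);` the precision argument of `%.*s` has to be an `int`, and the subtraction is only meaningful when `len_out` is at least 4. The declaration of `len_out` and any lower-bound check sit above the hunk, so neither can be confirmed here. If `len_out` is an unsigned size type, a short reply from the helper would wrap to a huge precision rather than go negative. Writing `aprintf("%.*s", (int)(len_out - 4), buf + 3)` and keeping an explicit `len_out < 4` rejection next to the prefix checks would make the bound on helper-supplied data obvious at the point of use.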
@@ -350,8 +350,8 @@ CURLcode Curl_input_ntlm_wb(struct connectdata *conn,
header++;
if(*header) {
- ntlm->challenge_header = strdup(header);
- if(!ntlm->challenge_header)
+ ntlm->challenge = strdup(header);
+ if(!ntlm->challenge)
return CURLE_OUT_OF_MEMORY;
*state = NTLMSTATE_TYPE2; /* We got a type-2 message */
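Review bot: `ntlm->challenge = strdup(header);` overwrites the pointer without releasing an earlier value, so a second challenge arriving on the same `ntlmdata` before `ntlm_wb_cleanup` runs would leak the first copy. Adding `Curl_safefree(ntlm->challenge);` ahead of the `strdup` makes that path safe. Whether the function can be reached twice is not visible, because its body starts and ends outside the hunk. The stored string is whatever the server sent after the scheme name, and it is later written to the helper as `"TT %s\n"`, so a comment such as `/* server-controlled, not validated as base64 */` would help the next reader.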
@@ -443,17 +443,17 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
return res;
free(*allocuserpwd);
- *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
+ *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
proxy ? "Proxy-" : "",
- ntlm->response_header);
+ ntlm->response);
DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
- Curl_safefree(ntlm->response_header);
+ Curl_safefree(ntlm->response);
if(!*allocuserpwd)
return CURLE_OUT_OF_MEMORY;
break;
case NTLMSTATE_TYPE2: {
- char *input = aprintf("TT %s\n", ntlm->challenge_header);
+ char *input = aprintf("TT %s\n", ntlm->challenge);
if(!input)
return CURLE_OUT_OF_MEMORY;
res = ntlm_wb_response(conn, ntlm, input, *state);
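Review bot: In the type-1 branch, `DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));` runs before the `if(!*allocuserpwd)` check, so a failed `aprintf` passes a NULL pointer to `%s` in debug builds. Moving the `DEBUG_OUT` line below the NULL check fixes that. The hunk at -462 has the same `DEBUG_OUT` pattern, and no NULL check is visible there before `*state` is advanced, though one may follow outside the hunk. Both debug lines also write the complete Authorization value to stderr, which for the type-3 message is derived from the user's credentials, so logging only that a header was built would be safer. The function body begins and ends outside both hunks.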
@@ -462,9 +462,9 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
return res;
free(*allocuserpwd);
- *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
+ *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
proxy ? "Proxy-" : "",
- ntlm->response_header);
+ ntlm->response);
DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
*state = NTLMSTATE_TYPE3; /* we sent a type-3 */
authp->done = TRUE;
diff --git a/lib/urldata.h b/lib/urldata.h
index 239f65ec7..e2afc6406 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -372,8 +372,8 @@ struct ntlmdata {
/* used for communication with Samba's winbind daemon helper ntlm_auth */
curl_socket_t ntlm_auth_hlpr_socket;
pid_t ntlm_auth_hlpr_pid;
- char *challenge_header;
- char *response_header;
+ char *challenge; /* The received base64 encoded ntlm type-2 message */
+ char *response; /* The generated base64 ntlm type-1/type-3 message */
#endif
#endif
};
--
To stop receiving notification emails like this one, please contact
address@hidden.