From cbea3d41dd649655857a86608c4fd970fe41d264 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20R=C3=BChsen?= Date: Thu, 13 Feb 2020 16:27:38 +0100 Subject: [PATCH] * src/http.c (check_auth): Remove use of alloca --- src/http.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/http.c b/src/http.c index 4d29ead1..7ca53334 100644 --- a/src/http.c +++ b/src/http.c @@ -2387,26 +2387,40 @@ check_auth (const struct url *u, char *user, char *passwd, struct response *resp bool basic_auth_finished = *basic_auth_finished_ref; bool auth_finished = *auth_finished_ref; bool ntlm_seen = *ntlm_seen_ref; + char buf[256], *tmp = NULL; + *retry = false; + if (!auth_finished && (user && passwd)) { /* IIS sends multiple copies of WWW-Authenticate, one with the value "negotiate", and other(s) with data. Loop over all the occurrences and pick the one we recognize. */ int wapos; - char *buf; const char *www_authenticate = NULL; const char *wabeg, *waend; const char *digest = NULL, *basic = NULL, *ntlm = NULL; + for (wapos = 0; !ntlm && (wapos = resp_header_locate (resp, "WWW-Authenticate", wapos, &wabeg, &waend)) != -1; ++wapos) { param_token name, value; + size_t len = waend - wabeg; - BOUNDED_TO_ALLOCA (wabeg, waend, buf); - www_authenticate = buf; + if (tmp != buf) + xfree (tmp); + + if (len < sizeof (buf)) + tmp = buf; + else + tmp = xmalloc (len + 1); + + memcpy (tmp, wabeg, len); + tmp[len] = 0; + + www_authenticate = tmp; for (;!ntlm;) { @@ -2507,6 +2521,8 @@ check_auth (const struct url *u, char *user, char *passwd, struct response *resp } cleanup: + if (tmp != buf) + xfree (tmp); *ntlm_seen_ref = ntlm_seen; *basic_auth_finished_ref = basic_auth_finished; *auth_finished_ref = auth_finished;