Use dynamically allocated buffers. Fixes Debian Bug#449179.

Reported by Stepan Golosunov. The original asserts were off-by-one anyways…

svn path=/branches/BRANCH_6-3/; revision=5311

2 files changed, 33 insertions, 13 deletions

diff --git a/NEWS b/NEWS
index a347f207..3f7be799 100644
--- a/NEWS
+++ b/NEWS
@@ -65,6 +65,8 @@ fetchmail 6.3.10 (not yet released):
   for each body line written.)
   The conditions under which these had been printed were inconsistent,
   illogical, and documentation hadn't matched real behaviour for long.
+* For NTLM authentication, use dynamically allocated buffers.
+  Fixes Debian Bug#449179, reported by Stepan Golosunov.
 
 # CHANGES
 * Make the comparison of the SSL fingerprints case insensitive, to
diff --git a/smbutil.c b/smbutil.c
index aa50ed09..9a8fbeef 100644
--- a/smbutil.c
+++ b/smbutil.c
@@ -82,15 +82,30 @@ static void dumpRaw(FILE *fp, unsigned char *buf, size_t len)
     fprintf(fp,"\n");
   }
 
+/* helper function to destructively resize buffers; assumes that bufsiz
+ * is initialized to 0 if buf is unallocated! */
+static void allocbuf(char **buf, size_t *bufsiz, size_t need)
+  {
+  if (need > *bufsiz)
+    {
+    *bufsiz = (need < 1024) ? 1024 : need;
+    xfree(*buf);
+    *buf = xmalloc(*bufsiz);
+    }
+  }
+
+/* this is a brute-force conversion from UCS-2LE to US-ASCII, discarding
+ * the upper 9 bits */
 static char *unicodeToString(char *p, size_t len)
   {
   size_t i;
-  static char buf[1024];
+  static char *buf;
+  static size_t bufsiz;
+
+  allocbuf(&buf, &bufsiz, len + 1);
 
-  assert(len+1 < sizeof buf);
-  
   for (i=0; i<len; ++i)
-    {  
+    {
     buf[i] = *p & 0x7f;
     p += 2;
     }
@@ -99,29 +114,32 @@ static char *unicodeToString(char *p, size_t len)
   return buf;
   }
 
+/* This is a brute-force conversion from US-ASCII to UCS-2LE */
 static unsigned char *strToUnicode(char *p)
   {
-  static unsigned char buf[1024];
+  static unsigned char *buf;
+  static size_t bufsiz;
   size_t l = strlen(p);
   int i = 0;
-  
-  assert(l*2 < sizeof buf);
-  
+
+  allocbuf((char **)&buf, &bufsiz, l * 2);
+
   while (l--)
     {
     buf[i++] = *p++;
     buf[i++] = 0;
     }
-  
+
   return buf;
   }
 
 static unsigned char *toString(char *p, size_t len)
   {
-  static unsigned char buf[1024];
-  
-  assert(len+1 < sizeof buf);
-  
+  static unsigned char *buf;
+  static size_t bufsiz;
+
+  allocbuf((char **)&buf, &bufsiz, len + 1);
+
   memcpy(buf,p,len);
   buf[len] = 0;
   return buf;