From 2ff17aa31e87d036c76b50b99e498a7bc22c43fb Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sun, 24 May 2009 12:31:07 +0000 Subject: Use dynamically allocated buffers. Fixes Debian Bug#449179. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reported by Stepan Golosunov. The original asserts were off-by-one anyways… svn path=/branches/BRANCH_6-3/; revision=5311 --- NEWS | 2 ++ smbutil.c | 44 +++++++++++++++++++++++++++++++------------- 2 files changed, 33 insertions(+), 13 deletions(-) diff --git a/NEWS b/NEWS index a347f207..3f7be799 100644 --- a/NEWS +++ b/NEWS @@ -65,6 +65,8 @@ fetchmail 6.3.10 (not yet released): for each body line written.) The conditions under which these had been printed were inconsistent, illogical, and documentation hadn't matched real behaviour for long. +* For NTLM authentication, use dynamically allocated buffers. + Fixes Debian Bug#449179, reported by Stepan Golosunov. # CHANGES * Make the comparison of the SSL fingerprints case insensitive, to diff --git a/smbutil.c b/smbutil.c index aa50ed09..9a8fbeef 100644 --- a/smbutil.c +++ b/smbutil.c @@ -82,15 +82,30 @@ static void dumpRaw(FILE *fp, unsigned char *buf, size_t len) fprintf(fp,"\n"); } +/* helper function to destructively resize buffers; assumes that bufsiz + * is initialized to 0 if buf is unallocated! */ +static void allocbuf(char **buf, size_t *bufsiz, size_t need) + { + if (need > *bufsiz) + { + *bufsiz = (need < 1024) ? 1024 : need; + xfree(*buf); + *buf = xmalloc(*bufsiz); + } + } + +/* this is a brute-force conversion from UCS-2LE to US-ASCII, discarding + * the upper 9 bits */ static char *unicodeToString(char *p, size_t len) { size_t i; - static char buf[1024]; + static char *buf; + static size_t bufsiz; + + allocbuf(&buf, &bufsiz, len + 1); - assert(len+1 < sizeof buf); - for (i=0; i