diff options
Diffstat (limited to 'lib/security.c')
| -rw-r--r-- | lib/security.c | 69 |
1 files changed, 41 insertions, 28 deletions
diff --git a/lib/security.c b/lib/security.c index 1aa280682..495a49693 100644 --- a/lib/security.c +++ b/lib/security.c @@ -10,7 +10,7 @@ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * - * Copyright (C) 2001 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2001 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. * * All rights reserved. * @@ -41,20 +41,17 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#include "setup.h" +#include "curl_setup.h" #ifndef CURL_DISABLE_FTP #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI) -#include <stdarg.h> -#include <string.h> - #ifdef HAVE_NETDB_H #include <netdb.h> #endif -#ifdef HAVE_UNISTD_H -#include <unistd.h> +#ifdef HAVE_LIMITS_H +#include <limits.h> #endif #include "urldata.h" @@ -64,6 +61,7 @@ #include "ftp.h" #include "sendf.h" #include "rawstr.h" +#include "warnless.h" /* The last #include file should be: */ #include "memdebug.h" @@ -147,7 +145,7 @@ static int ftp_send_command(struct connectdata *conn, const char *message, ...) } /* Read |len| from the socket |fd| and store it in |to|. Return a CURLcode - saying whether an error occured or CURLE_OK if |len| was read. */ + saying whether an error occurred or CURLE_OK if |len| was read. */ static CURLcode socket_read(curl_socket_t fd, void *to, size_t len) { @@ -173,7 +171,7 @@ socket_read(curl_socket_t fd, void *to, size_t len) /* Write |len| bytes from the buffer |to| to the socket |fd|. Return a - CURLcode saying whether an error occured or CURLE_OK if |len| was + CURLcode saying whether an error occurred or CURLE_OK if |len| was written. */ static CURLcode socket_write(struct connectdata *conn, curl_socket_t fd, const void *to, @@ -208,17 +206,17 @@ static CURLcode read_data(struct connectdata *conn, CURLcode ret; ret = socket_read(fd, &len, sizeof(len)); - if (ret != CURLE_OK) + if(ret != CURLE_OK) return ret; len = ntohl(len); tmp = realloc(buf->data, len); - if (tmp == NULL) + if(tmp == NULL) return CURLE_OUT_OF_MEMORY; buf->data = tmp; ret = socket_read(fd, buf->data, len); - if (ret != CURLE_OK) + if(ret != CURLE_OK) return ret; buf->size = conn->mech->decode(conn->app_data, buf->data, len, conn->data_prot, conn); @@ -283,12 +281,13 @@ static ssize_t sec_recv(struct connectdata *conn, int sockindex, static void do_sec_send(struct connectdata *conn, curl_socket_t fd, const char *from, int length) { - size_t bytes; - size_t htonl_bytes; - char *buffer; + int bytes, htonl_bytes; /* 32-bit integers for htonl */ + char *buffer = NULL; char *cmd_buffer; + size_t cmd_size = 0; + CURLcode error; enum protection_level prot_level = conn->data_prot; - bool iscmd = prot_level == PROT_CMD; + bool iscmd = (prot_level == PROT_CMD)?TRUE:FALSE; DEBUGASSERT(prot_level > PROT_NONE && prot_level < PROT_LAST); @@ -300,9 +299,17 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, } bytes = conn->mech->encode(conn->app_data, from, length, prot_level, (void**)&buffer, conn); + if(!buffer || bytes <= 0) + return; /* error */ + if(iscmd) { - bytes = Curl_base64_encode(conn->data, buffer, bytes, &cmd_buffer); - if(bytes > 0) { + error = Curl_base64_encode(conn->data, buffer, curlx_sitouz(bytes), + &cmd_buffer, &cmd_size); + if(error) { + free(buffer); + return; /* error */ + } + if(cmd_size > 0) { static const char *enc = "ENC "; static const char *mic = "MIC "; if(prot_level == PROT_PRIVATE) @@ -310,7 +317,7 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, else socket_write(conn, fd, mic, 4); - socket_write(conn, fd, cmd_buffer, bytes); + socket_write(conn, fd, cmd_buffer, cmd_size); socket_write(conn, fd, "\r\n", 2); infof(conn->data, "Send: %s%s\n", prot_level == PROT_PRIVATE?enc:mic, cmd_buffer); @@ -320,7 +327,7 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, else { htonl_bytes = htonl(bytes); socket_write(conn, fd, &htonl_bytes, sizeof(htonl_bytes)); - socket_write(conn, fd, buffer, bytes); + socket_write(conn, fd, buffer, curlx_sitouz(bytes)); } free(buffer); } @@ -329,10 +336,10 @@ static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd, const char *buffer, size_t length) { /* FIXME: Check for overflow */ - ssize_t len = conn->buffer_size; - int tx = 0; + ssize_t tx = 0, len = conn->buffer_size; - len -= conn->mech->overhead(conn->app_data, conn->data_prot, len); + len -= conn->mech->overhead(conn->app_data, conn->data_prot, + curlx_sztosi(len)); if(len <= 0) len = length; while(length) { @@ -340,7 +347,7 @@ static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd, /* FIXME: Check for overflow. */ len = length; } - do_sec_send(conn, fd, buffer, len); + do_sec_send(conn, fd, buffer, curlx_sztosi(len)); length -= len; buffer += len; tx += len; @@ -365,14 +372,20 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer, int decoded_len; char *buf; int ret_code; + size_t decoded_sz = 0; + CURLcode error; DEBUGASSERT(level > PROT_NONE && level < PROT_LAST); - decoded_len = Curl_base64_decode(buffer + 4, (unsigned char **)&buf); - if(decoded_len <= 0) { + error = Curl_base64_decode(buffer + 4, (unsigned char **)&buf, &decoded_sz); + if(error || decoded_sz == 0) + return -1; + + if(decoded_sz > (size_t)INT_MAX) { free(buf); return -1; } + decoded_len = curlx_uztosi(decoded_sz); decoded_len = conn->mech->decode(conn->app_data, buf, decoded_len, level, conn); @@ -485,7 +498,7 @@ static CURLcode choose_mech(struct connectdata *conn) /* We have no mechanism with a NULL name but keep this check */ DEBUGASSERT(mech_name != NULL); if(mech_name == NULL) { - infof(data, "Skipping mechanism with empty name (%p)\n", mech); + infof(data, "Skipping mechanism with empty name (%p)\n", (void *)mech); continue; } tmp_allocation = realloc(conn->app_data, (*mech)->size); @@ -522,7 +535,7 @@ static CURLcode choose_mech(struct connectdata *conn) break; default: if(ret/100 == 5) { - infof(data, "The server does not support the security extensions.\n"); + infof(data, "server does not support the security extensions\n"); return CURLE_USE_SSL_FAILED; } break; |