curl 2017-06-14 (54b636f1)

Code extracted from: https://github.com/curl/curl.git at commit 54b636f14546d3fde9f9c67c3b32701d78563161 (curl-7_54_1).
author: Curl Upstream <curl-library@cool.haxx.se> 2017-06-14 06:08:56 (GMT)
committer: Brad King <brad.king@kitware.com> 2017-06-14 14:46:35 (GMT)
commit: 06d6d6c4aee149cd6560b919ef6935ef0867d921 (patch)
tree: d62adabf2b4b10030abf4a759b520e5edb6dd517 /lib/vauth
parent: fd7d521c9d70655618db8232d45e5aaf81700f91 (diff)
download: CMake-06d6d6c4aee149cd6560b919ef6935ef0867d921.zip
CMake-06d6d6c4aee149cd6560b919ef6935ef0867d921.tar.gz
CMake-06d6d6c4aee149cd6560b919ef6935ef0867d921.tar.bz2
2 files changed, 12 insertions, 21 deletions
diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
index 31d25cf..185098e 100644
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@@ -205,7 +205,7 @@ static CURLcode auth_digest_get_qop_values(const char *options, int *value)
 {
   char *tmp;
   char *token;
-  char *tok_buf;
+  char *tok_buf = NULL;
 
   /* Initialise the output */
   *value = 0;
@@ -360,7 +360,6 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
   char qop_options[64];
   int qop_values;
   char cnonce[33];
-  unsigned int entropy[4];
   char nonceCount[] = "00000001";
   char method[]     = "AUTHENTICATE";
   char qop[]        = DIGEST_QOP_VALUE_STRING_AUTH;
@@ -387,15 +386,11 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
   if(!(qop_values & DIGEST_QOP_VALUE_AUTH))
     return CURLE_BAD_CONTENT_ENCODING;
 
-  /* Generate 16 bytes of random data */
-  result = Curl_rand(data, &entropy[0], 4);
+  /* Generate 32 random hex chars, 32 bytes + 1 zero termination */
+  result = Curl_rand_hex(data, (unsigned char *)cnonce, sizeof(cnonce));
   if(result)
     return result;
 
-  /* Convert the random data into a 32 byte hex string */
-  snprintf(cnonce, sizeof(cnonce), "%08x%08x%08x%08x",
-           entropy[0], entropy[1], entropy[2], entropy[3]);
-
   /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
   ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
   if(!ctxt)
@@ -563,7 +558,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
           return CURLE_OUT_OF_MEMORY;
       }
       else if(strcasecompare(value, "qop")) {
-        char *tok_buf;
+        char *tok_buf = NULL;
         /* Tokenize the list and choose auth if possible, use a temporary
            clone of the buffer since strtok_r() ruins it */
         tmp = strdup(content);
@@ -684,12 +679,10 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
     digest->nc = 1;
 
   if(!digest->cnonce) {
-    unsigned int rnd[4];
-    result = Curl_rand(data, &rnd[0], 4);
+    result = Curl_rand_hex(data, (unsigned char *)cnoncebuf,
+                           sizeof(cnoncebuf));
     if(result)
       return result;
-    snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x%08x%08x",
-             rnd[0], rnd[1], rnd[2], rnd[3]);
 
     result = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf),
                                 &cnonce, &cnonce_sz);
diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
index d02eec4..4219645 100644
--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@@ -555,10 +555,10 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
 #if defined(USE_NTRESPONSES) && defined(USE_NTLM_V2)
   if(ntlm->target_info_len) {
     unsigned char ntbuffer[0x18];
-    unsigned int entropy[2];
+    unsigned char entropy[8];
     unsigned char ntlmv2hash[0x18];
 
-    result = Curl_rand(data, &entropy[0], 2);
+    result = Curl_rand(data, entropy, 8);
     if(result)
       return result;
 
@@ -572,15 +572,13 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
       return result;
 
     /* LMv2 response */
-    result = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash,
-                                         (unsigned char *)&entropy[0],
+    result = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash, entropy,
                                          &ntlm->nonce[0], lmresp);
     if(result)
       return result;
 
     /* NTLMv2 response */
-    result = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash,
-                                           (unsigned char *)&entropy[0],
+    result = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash, entropy,
                                            ntlm, &ntlmv2resp, &ntresplen);
     if(result)
       return result;
@@ -596,10 +594,10 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
     unsigned char ntbuffer[0x18];
     unsigned char tmp[0x18];
     unsigned char md5sum[MD5_DIGEST_LENGTH];
-    unsigned int entropy[2];
+    unsigned char entropy[8];
 
     /* Need to create 8 bytes random data */
-    result = Curl_rand(data, &entropy[0], 2);
+    result = Curl_rand(data, entropy, 8);
     if(result)
       return result;
author	Curl Upstream <curl-library@cool.haxx.se>	2017-06-14 06:08:56 (GMT)
committer	Brad King <brad.king@kitware.com>	2017-06-14 14:46:35 (GMT)
commit	06d6d6c4aee149cd6560b919ef6935ef0867d921 (patch)
tree	d62adabf2b4b10030abf4a759b520e5edb6dd517 /lib/vauth
parent	fd7d521c9d70655618db8232d45e5aaf81700f91 (diff)
download	CMake-06d6d6c4aee149cd6560b919ef6935ef0867d921.zip CMake-06d6d6c4aee149cd6560b919ef6935ef0867d921.tar.gz CMake-06d6d6c4aee149cd6560b919ef6935ef0867d921.tar.bz2