* rewrite to work around the paragraph 2 in the BSD licenses as explained
* below.
*
- * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998, 1999, 2013 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
*
- * Copyright (C) 2001 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2001 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* All rights reserved.
*
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. */
-#include "setup.h"
+#include "curl_setup.h"
#ifndef CURL_DISABLE_FTP
-#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
-
-#include <stdarg.h>
-#include <string.h>
+#ifdef HAVE_GSSAPI
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
#endif
#include "urldata.h"
#include "curl_base64.h"
#include "curl_memory.h"
-#include "krb4.h"
+#include "curl_sec.h"
#include "ftp.h"
#include "sendf.h"
#include "rawstr.h"
+#include "warnless.h"
/* The last #include file should be: */
#include "memdebug.h"
}
static const struct Curl_sec_client_mech * const mechs[] = {
-#if defined(HAVE_GSSAPI)
+#ifdef HAVE_GSSAPI
&Curl_krb5_client_mech,
#endif
-#if defined(HAVE_KRB4)
- &Curl_krb4_client_mech,
-#endif
NULL
};
vsnprintf(print_buffer, sizeof(print_buffer), message, args);
va_end(args);
- if(Curl_ftpsendf(conn, print_buffer) != CURLE_OK) {
+ if(Curl_ftpsendf(conn, print_buffer)) {
ftp_code = -1;
}
else {
- if(Curl_GetFTPResponse(&nread, conn, &ftp_code) != CURLE_OK)
+ if(Curl_GetFTPResponse(&nread, conn, &ftp_code))
ftp_code = -1;
}
}
/* Read |len| from the socket |fd| and store it in |to|. Return a CURLcode
- saying whether an error occured or CURLE_OK if |len| was read. */
+ saying whether an error occurred or CURLE_OK if |len| was read. */
static CURLcode
socket_read(curl_socket_t fd, void *to, size_t len)
{
char *to_p = to;
- CURLcode code;
+ CURLcode result;
ssize_t nread;
while(len > 0) {
- code = Curl_read_plain(fd, to_p, len, &nread);
- if(code == CURLE_OK) {
+ result = Curl_read_plain(fd, to_p, len, &nread);
+ if(!result) {
len -= nread;
to_p += nread;
}
else {
/* FIXME: We are doing a busy wait */
- if(code == CURLE_AGAIN)
+ if(result == CURLE_AGAIN)
continue;
- return code;
+ return result;
}
}
return CURLE_OK;
/* Write |len| bytes from the buffer |to| to the socket |fd|. Return a
- CURLcode saying whether an error occured or CURLE_OK if |len| was
+ CURLcode saying whether an error occurred or CURLE_OK if |len| was
written. */
static CURLcode
socket_write(struct connectdata *conn, curl_socket_t fd, const void *to,
size_t len)
{
const char *to_p = to;
- CURLcode code;
+ CURLcode result;
ssize_t written;
while(len > 0) {
- code = Curl_write_plain(conn, fd, to_p, len, &written);
- if(code == CURLE_OK) {
+ result = Curl_write_plain(conn, fd, to_p, len, &written);
+ if(!result) {
len -= written;
to_p += written;
}
else {
/* FIXME: We are doing a busy wait */
- if(code == CURLE_AGAIN)
+ if(result == CURLE_AGAIN)
continue;
- return code;
+ return result;
}
}
return CURLE_OK;
static CURLcode read_data(struct connectdata *conn,
curl_socket_t fd,
- struct krb4buffer *buf)
+ struct krb5buffer *buf)
{
int len;
void* tmp;
- CURLcode ret;
+ CURLcode result;
- ret = socket_read(fd, &len, sizeof(len));
- if (ret != CURLE_OK)
- return ret;
+ result = socket_read(fd, &len, sizeof(len));
+ if(result)
+ return result;
len = ntohl(len);
tmp = realloc(buf->data, len);
- if (tmp == NULL)
+ if(tmp == NULL)
return CURLE_OUT_OF_MEMORY;
buf->data = tmp;
- ret = socket_read(fd, buf->data, len);
- if (ret != CURLE_OK)
- return ret;
+ result = socket_read(fd, buf->data, len);
+ if(result)
+ return result;
buf->size = conn->mech->decode(conn->app_data, buf->data, len,
conn->data_prot, conn);
buf->index = 0;
}
static size_t
-buffer_read(struct krb4buffer *buf, void *data, size_t len)
+buffer_read(struct krb5buffer *buf, void *data, size_t len)
{
if(buf->size - buf->index < len)
len = buf->size - buf->index;
buffer += bytes_read;
while(len > 0) {
- if(read_data(conn, fd, &conn->in_buffer) != CURLE_OK)
+ if(read_data(conn, fd, &conn->in_buffer))
return -1;
if(conn->in_buffer.size == 0) {
if(bytes_read > 0)
static void do_sec_send(struct connectdata *conn, curl_socket_t fd,
const char *from, int length)
{
- size_t bytes;
- size_t htonl_bytes;
- char *buffer;
+ int bytes, htonl_bytes; /* 32-bit integers for htonl */
+ char *buffer = NULL;
char *cmd_buffer;
+ size_t cmd_size = 0;
+ CURLcode error;
enum protection_level prot_level = conn->data_prot;
- bool iscmd = prot_level == PROT_CMD;
+ bool iscmd = (prot_level == PROT_CMD)?TRUE:FALSE;
DEBUGASSERT(prot_level > PROT_NONE && prot_level < PROT_LAST);
prot_level = conn->command_prot;
}
bytes = conn->mech->encode(conn->app_data, from, length, prot_level,
- (void**)&buffer, conn);
+ (void**)&buffer);
+ if(!buffer || bytes <= 0)
+ return; /* error */
+
if(iscmd) {
- bytes = Curl_base64_encode(conn->data, buffer, bytes, &cmd_buffer);
- if(bytes > 0) {
+ error = Curl_base64_encode(conn->data, buffer, curlx_sitouz(bytes),
+ &cmd_buffer, &cmd_size);
+ if(error) {
+ free(buffer);
+ return; /* error */
+ }
+ if(cmd_size > 0) {
static const char *enc = "ENC ";
static const char *mic = "MIC ";
if(prot_level == PROT_PRIVATE)
else
socket_write(conn, fd, mic, 4);
- socket_write(conn, fd, cmd_buffer, bytes);
+ socket_write(conn, fd, cmd_buffer, cmd_size);
socket_write(conn, fd, "\r\n", 2);
infof(conn->data, "Send: %s%s\n", prot_level == PROT_PRIVATE?enc:mic,
cmd_buffer);
else {
htonl_bytes = htonl(bytes);
socket_write(conn, fd, &htonl_bytes, sizeof(htonl_bytes));
- socket_write(conn, fd, buffer, bytes);
+ socket_write(conn, fd, buffer, curlx_sitouz(bytes));
}
free(buffer);
}
static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd,
const char *buffer, size_t length)
{
- /* FIXME: Check for overflow */
- ssize_t len = conn->buffer_size;
- int tx = 0;
+ ssize_t tx = 0, len = conn->buffer_size;
- len -= conn->mech->overhead(conn->app_data, conn->data_prot, len);
+ len -= conn->mech->overhead(conn->app_data, conn->data_prot,
+ curlx_sztosi(len));
if(len <= 0)
len = length;
while(length) {
- if(len >= 0 || length < (size_t)len) {
- /* FIXME: Check for overflow. */
+ if(length < (size_t)len)
len = length;
- }
- do_sec_send(conn, fd, buffer, len);
+
+ do_sec_send(conn, fd, buffer, curlx_sztosi(len));
length -= len;
buffer += len;
tx += len;
int decoded_len;
char *buf;
int ret_code;
+ size_t decoded_sz = 0;
+ CURLcode error;
DEBUGASSERT(level > PROT_NONE && level < PROT_LAST);
- decoded_len = Curl_base64_decode(buffer + 4, (unsigned char **)&buf);
- if(decoded_len <= 0) {
+ error = Curl_base64_decode(buffer + 4, (unsigned char **)&buf, &decoded_sz);
+ if(error || decoded_sz == 0)
+ return -1;
+
+ if(decoded_sz > (size_t)INT_MAX) {
free(buf);
return -1;
}
+ decoded_len = curlx_uztosi(decoded_sz);
decoded_len = conn->mech->decode(conn->app_data, buf, decoded_len,
level, conn);
ret_code = 0;
else {
/* Check for error? */
- sscanf(buf, "%d", &ret_code);
+ (void)sscanf(buf, "%d", &ret_code);
}
if(buf[decoded_len - 1] == '\n')
/* We have no mechanism with a NULL name but keep this check */
DEBUGASSERT(mech_name != NULL);
if(mech_name == NULL) {
- infof(data, "Skipping mechanism with empty name (%p)\n", mech);
+ infof(data, "Skipping mechanism with empty name (%p)\n", (void *)mech);
continue;
}
tmp_allocation = realloc(conn->app_data, (*mech)->size);
break;
default:
if(ret/100 == 5) {
- infof(data, "The server does not support the security extensions.\n");
+ infof(data, "server does not support the security extensions\n");
return CURLE_USE_SSL_FAILED;
}
break;
break;
}
- return mech != NULL ? CURLE_OK : CURLE_FAILED_INIT;
+ return *mech != NULL ? CURLE_OK : CURLE_FAILED_INIT;
}
CURLcode
conn->mech = NULL;
}
-#endif /* HAVE_KRB4 || HAVE_GSSAPI */
+#endif /* HAVE_GSSAPI */
#endif /* CURL_DISABLE_FTP */