http_digest.c: SIGSEGV and OOM handling fixes

This commit is contained in:
Yang Tse 2013-07-12 19:32:13 +02:00
Родитель 83f0dae129
Коммит 2af64c6432
1 изменённых файлов: 17 добавлений и 47 удалений

Просмотреть файл

@ -25,13 +25,11 @@
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
#include "urldata.h"
#include "sendf.h"
#include "rawstr.h"
#include "curl_base64.h"
#include "curl_md5.h"
#include "http_digest.h"
#include "strtok.h"
#include "url.h" /* for Curl_safefree() */
#include "curl_memory.h"
#include "sslgen.h" /* for Curl_rand() */
#include "non-ascii.h" /* included for Curl_convert_... prototypes */
@ -284,7 +282,7 @@ static char *string_quoted(const char *source)
++s;
}
dest = (char *)malloc(n);
dest = malloc(n);
if(dest) {
s = source;
d = dest;
@ -311,7 +309,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
unsigned char md5buf[16]; /* 16 bytes/128 bits */
unsigned char request_digest[33];
unsigned char *md5this;
unsigned char *ha1;
unsigned char ha1[33];/* 32 digits and 1 zero byte */
unsigned char ha2[33];/* 32 digits and 1 zero byte */
char cnoncebuf[33];
char *cnonce = NULL;
@ -353,10 +351,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
authp = &data->state.authhost;
}
if(*allocuserpwd) {
Curl_safefree(*allocuserpwd);
*allocuserpwd = NULL;
}
Curl_safefree(*allocuserpwd);
/* not set means empty */
if(!userp)
@ -406,12 +401,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
Curl_md5it(md5buf, md5this);
free(md5this); /* free this again */
ha1 = malloc(33); /* 32 digits and 1 zero byte */
if(!ha1)
return CURLE_OUT_OF_MEMORY;
Curl_safefree(md5this);
md5_to_ascii(md5buf, ha1);
if(d->algo == CURLDIGESTALGO_MD5SESS) {
@ -421,7 +411,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, tmp); /* convert on non-ASCII machines */
Curl_md5it(md5buf, (unsigned char *)tmp);
free(tmp); /* free this again */
Curl_safefree(tmp);
md5_to_ascii(md5buf, ha1);
}
@ -463,18 +453,16 @@ CURLcode Curl_output_digest(struct connectdata *conn,
TODO: replace md5 of empty string with entity-body for PUT/POST */
unsigned char *md5this2 = (unsigned char *)
aprintf("%s:%s", md5this, "d41d8cd98f00b204e9800998ecf8427e");
free(md5this);
Curl_safefree(md5this);
md5this = md5this2;
}
if(!md5this) {
free(ha1);
if(!md5this)
return CURLE_OUT_OF_MEMORY;
}
CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
Curl_md5it(md5buf, md5this);
free(md5this); /* free this again */
Curl_safefree(md5this);
md5_to_ascii(md5buf, ha2);
if(d->qop) {
@ -492,13 +480,12 @@ CURLcode Curl_output_digest(struct connectdata *conn,
d->nonce,
ha2);
}
free(ha1);
if(!md5this)
return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
Curl_md5it(md5buf, md5this);
free(md5this); /* free this again */
Curl_safefree(md5this);
md5_to_ascii(md5buf, request_digest);
/* for test case 64 (snooped from a Mozilla 1.3a request)
@ -515,7 +502,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
chracters.
*/
userp_quoted = string_quoted(userp);
if(!*userp_quoted)
if(!userp_quoted)
return CURLE_OUT_OF_MEMORY;
if(d->qop) {
@ -559,7 +546,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
uripath, /* this is the PATH part of the URL */
request_digest);
}
free(userp_quoted);
Curl_safefree(userp_quoted);
if(!*allocuserpwd)
return CURLE_OUT_OF_MEMORY;
@ -595,29 +582,12 @@ CURLcode Curl_output_digest(struct connectdata *conn,
static void digest_cleanup_one(struct digestdata *d)
{
if(d->nonce)
free(d->nonce);
d->nonce = NULL;
if(d->cnonce)
free(d->cnonce);
d->cnonce = NULL;
if(d->realm)
free(d->realm);
d->realm = NULL;
if(d->opaque)
free(d->opaque);
d->opaque = NULL;
if(d->qop)
free(d->qop);
d->qop = NULL;
if(d->algorithm)
free(d->algorithm);
d->algorithm = NULL;
Curl_safefree(d->nonce);
Curl_safefree(d->cnonce);
Curl_safefree(d->realm);
Curl_safefree(d->opaque);
Curl_safefree(d->qop);
Curl_safefree(d->algorithm);
d->nc = 0;
d->algo = CURLDIGESTALGO_MD5; /* default algorithm */