SourceFormat Enforcement

[thirdparty/squid.git] / helpers / negotiate_auth / wrapper / negotiate_wrapper.cc

diff --git a/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc b/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc
index 0d1d2dd2cc83100fdaf9c11cfdc892bc8ec0d48a..0d90701ceae3b5e03cdb4e1365f03d2923f725cd 100644 (file)
--- a/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc
+++ b/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
 /*
  * -----------------------------------------------------------------------------
  *
@@ -21,34 +29,20 @@
  *
  * -----------------------------------------------------------------------------
  */
-/*
- * Hosted at http://sourceforge.net/projects/squidkerbauth
- */
 
 #include "squid.h"
 #include "base64.h"
 
-#if HAVE_STRING_H
-#include <string.h>
-#endif
-#if HAVE_STDIO_H
-#include <stdio.h>
-#endif
-#if HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
+#include <cerrno>
+#include <cstring>
+#include <cstdlib>
+#include <ctime>
 #if HAVE_NETDB_H
 #include <netdb.h>
 #endif
 #if HAVE_UNISTD_H
 #include <unistd.h>
 #endif
-#if HAVE_TIME_H
-#include <time.h>
-#endif
-#if HAVE_ERRNO_H
-#include <errno.h>
-#endif
 
 #if !defined(HAVE_DECL_XMALLOC) || !HAVE_DECL_XMALLOC
 #define xmalloc malloc
@@ -109,7 +103,7 @@ main(int argc, char *const argv[])
     int length;
     int nstart = 0, kstart = 0;
     int nend = 0, kend = 0;
-    char *token;
+    uint8_t *token;
     char **nargs, **kargs;
     int fpid;
     FILE *FDKIN,*FDKOUT;
@@ -335,17 +329,28 @@ main(int argc, char *const argv[])
             fprintf(stdout, "BH Invalid negotiate request\n");
             continue;
         }
-        length = base64_decode_len(buf+3);
+        length = BASE64_DECODE_LENGTH(strlen(buf+3));
         if (debug)
             fprintf(stderr, "%s| %s: Decode '%s' (decoded length: %d).\n",
                     LogTime(), PROGRAM, buf + 3, (int) length);
 
-        if ((token = (char *)xmalloc(length)) == NULL) {
+        if ((token = static_cast<uint8_t *>(xmalloc(length))) == NULL) {
             fprintf(stderr, "%s| %s: Error allocating memory for token\n", LogTime(), PROGRAM);
             return 1;
         }
 
-        length = base64_decode(token, length, buf+3);
+        struct base64_decode_ctx ctx;
+        base64_decode_init(&ctx);
+        size_t dstLen = 0;
+        if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), reinterpret_cast<const uint8_t*>(buf+3)) ||
+                !base64_decode_final(&ctx)) {
+            if (debug)
+                fprintf(stderr, "%s| %s: Invalid base64 token [%s]\n", LogTime(), PROGRAM, buf+3);
+            fprintf(stdout, "BH Invalid negotiate request token\n");
+            continue;
+        }
+        length = dstLen;
+        token[dstLen] = '\0';
 
         if ((static_cast<size_t>(length) >= sizeof(ntlmProtocol) + 1) &&
                 (!memcmp(token, ntlmProtocol, sizeof ntlmProtocol))) {
@@ -381,7 +386,7 @@ main(int argc, char *const argv[])
                 strcpy(buff,tbuff);
             }
         } else {
-            free(token);
+            xfree(token);
             if (debug)
                 fprintf(stderr, "%s| %s: received Kerberos token\n",
                         LogTime(), PROGRAM);
@@ -407,3 +412,4 @@ main(int argc, char *const argv[])
 
     return 1;
 }
+