From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 5 Dec 2024 17:24:45 +0000 (+0100)
Subject: http_negotiate: allow for a one byte larger channel binding buffer
X-Git-Tag: curl-8_11_1~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6755ba593ce4dbe0735f14e12b9e9c5ccf597de7;p=thirdparty%2Fcurl.git

http_negotiate: allow for a one byte larger channel binding buffer

The channel binding data dynbuf was not set correctly making it fail with
CURLE_TOO_LARGE too easily.

Reported-by: galen11 on github
Fixes #15685
Closes #15694
---

diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index 5dda475057..5d76bddf72 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -110,7 +110,7 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn,
   /* Check if the connection is using SSL and get the channel binding data */
 #if defined(USE_SSL) && defined(HAVE_GSSAPI)
   if(conn->handler->flags & PROTOPT_SSL) {
-    Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE);
+    Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1);
     result = Curl_ssl_get_channel_binding(
       data, FIRSTSOCKET, &neg_ctx->channel_binding_data);
     if(result) {