sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data

Don't use a hard coded size of 4 for the security layer and buffer size
in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as
we have done in the sasl_gssapi module.

diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c
index 883a0ee6811976368fc6b4f7fbc1d2275a7f995f..c63b85dd7921dca8d902f5732ef3f15f0dc25816 100644 (file)
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@@ -1068,8 +1068,6 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
     max_size = 0;
   }
 
-  outdata = htonl(max_size) | sec_layer;
-
   /* Allocate the trailer */
   trailer = malloc(sizes.cbSecurityTrailer);
   if(!trailer)
@@ -1084,7 +1082,7 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
   }
 
   /* Allocate our message */
-  messagelen = 4 + strlen(user_name) + 1;
+  messagelen = sizeof(outdata) + strlen(user_name) + 1;
   message = malloc(messagelen);
   if(!message) {
     Curl_safefree(trailer);
@@ -1098,8 +1096,9 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
      terminator. Note: Dispite RFC4752 Section 3.1 stating "The authorization
      identity is not terminated with the zero-valued (%x00) octet." it seems
      necessary to include it. */
-  memcpy(message, &outdata, 4);
-  strcpy((char *)message + 4, user_name);
+  outdata = htonl(max_size) | sec_layer;
+  memcpy(message, &outdata, sizeof(outdata));
+  strcpy((char *) message + sizeof(outdata), user_name);
   Curl_unicodefree(user_name);
 
   /* Allocate the padding */