From: Amos Jeffries Date: Wed, 13 Aug 2008 06:04:16 +0000 (-0600) Subject: Author: Markus X-Git-Tag: SQUID_3_0_STABLE9~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8890850ecf21a55611fda866616624cc7ce73ad7;p=thirdparty%2Fsquid.git Author: Markus Bug 2426: Increase buffer in authenticateNegotiateStart / squid_kerb_auth --- diff --git a/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c b/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c index 08acc269ee..cad7e6f1a1 100644 --- a/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c +++ b/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c @@ -37,6 +37,10 @@ #include "spnegohelp.h" #endif +// AYJ: must match the definition in src/auth/negotiate/auth_negotiate.cc +#define MAX_AUTHTOKEN_LEN 32768 + +// AYJ: match define in include/rfc2181.h #ifndef HOST_NAME_MAX #define HOST_NAME_MAX 256 #endif @@ -172,11 +176,9 @@ int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, const char* fu return(0); } - - int main(int argc, char * const argv[]) { - char buf[6400]; + char buf[MAX_AUTHTOKEN_LEN]; char *c; int length=0; static int err=0; diff --git a/src/auth/negotiate/auth_negotiate.cc b/src/auth/negotiate/auth_negotiate.cc index 9f7ceaccdc..a9d2c79384 100644 --- a/src/auth/negotiate/auth_negotiate.cc +++ b/src/auth/negotiate/auth_negotiate.cc @@ -50,6 +50,12 @@ #include "negotiateScheme.h" #include "wordlist.h" +/** + * Maximum length (buffer size) for token strings. + */ +// AYJ: must match re-definition in helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c +#define MAX_AUTHTOKEN_LEN 32768 + static void authenticateNegotiateReleaseServer(AuthUserRequest * auth_user_request); @@ -547,7 +553,7 @@ void AuthNegotiateUserRequest::module_start(RH * handler, void *data) { authenticateStateData *r = NULL; - static char buf[8192]; + static char buf[MAX_AUTHTOKEN_LEN]; negotiate_user_t *negotiate_user; auth_user_t *auth_user = user(); @@ -573,9 +579,9 @@ AuthNegotiateUserRequest::module_start(RH * handler, void *data) AUTHUSERREQUESTLOCK(r->auth_user_request, "r"); if (auth_state == AUTHENTICATE_STATE_INITIAL) { - snprintf(buf, 8192, "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here? + snprintf(buf, MAX_AUTHTOKEN_LEN, "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here? } else { - snprintf(buf, 8192, "KK %s\n", client_blob); + snprintf(buf, MAX_AUTHTOKEN_LEN, "KK %s\n", client_blob); } waiting = 1;