From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 31 Mar 2016 08:22:42 +0000 (+0200)
Subject: SOCKS5_gssapi_negotiate: don't assume little-endian ints
X-Git-Tag: curl-7_49_0~255
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0ee0d30a9f0450144d60ea906987d69ddb808da4;p=thirdparty%2Fcurl.git

SOCKS5_gssapi_negotiate: don't assume little-endian ints

The code copied one byte from a 32bit integer, which works fine as long
as the byte order is the same. Not a fine assumption. Reported by PVS
Studio.

Reported-by: Alexis La Goutte
---

diff --git a/lib/socks_sspi.c b/lib/socks_sspi.c
index 356772e1f0..5f650be675 100644
--- a/lib/socks_sspi.c
+++ b/lib/socks_sspi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
  * Copyright (C) 2009, 2011, Markus Moeller, <markus_moeller@compuserve.com>
  *
  * This software is licensed as described in the file COPYING, which
@@ -70,7 +70,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
   /* Needs GSS-API authentication */
   SECURITY_STATUS status;
   unsigned long sspi_ret_flags = 0;
-  int gss_enc;
+  unsigned char gss_enc;
   SecBuffer sspi_send_token, sspi_recv_token, sspi_w_token[3];
   SecBufferDesc input_desc, output_desc, wrap_desc;
   SecPkgContext_Sizes sspi_sizes;