diff options
| author | Patrick Monnerat <patrick@monnerat.net> | 2021-08-16 08:35:22 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2021-08-16 08:36:10 +0200 |
| commit | 7da2990b199225140bf1adea4caf7fa7b55e4f4b (patch) | |
| tree | a8d49b6f420d3e71c67435a4642d6cbbf8cf88bd | |
| parent | 396a2d7fe3b9d10acfd69656490efd0dbbefc7b0 (diff) | |
| download | curl-7da2990b199225140bf1adea4caf7fa7b55e4f4b.tar.gz | |
auth: do not append zero-terminator to authorisation id in kerberos
RFC4752 Section 3.1 states "The authorization identity is not terminated
with a zero-valued (%x00) octet". Although a comment in code said it may
be needed anyway, nothing confirms it. In addition, servers may consider
it as part of the identity, causing a failure.
Closes #7008
| -rw-r--r-- | lib/vauth/krb5_gssapi.c | 11 | ||||
| -rw-r--r-- | lib/vauth/krb5_sspi.c | 11 |
2 files changed, 8 insertions, 14 deletions
diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c index 5c126eb59..67d43bd56 100644 --- a/lib/vauth/krb5_gssapi.c +++ b/lib/vauth/krb5_gssapi.c @@ -247,8 +247,8 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, /* Allocate our message */ messagelen = 4; - if(authzid && *authzid) - messagelen += strlen(authzid) + 1; + if(authzid) + messagelen += strlen(authzid); message = malloc(messagelen); if(!message) return CURLE_OUT_OF_MEMORY; @@ -260,13 +260,10 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, message[2] = (max_size >> 8) & 0xFF; message[3] = max_size & 0xFF; - /* If given, append the authorization identity including the 0x00 based - terminator. Note: Despite RFC4752 Section 3.1 stating "The authorization - identity is not terminated with the zero-valued (%x00) octet." it seems - necessary to include it. */ + /* If given, append the authorization identity. */ if(authzid && *authzid) - strcpy((char *) message + 4, authzid); + memcpy(message + 4, authzid, messagelen - 4); /* Setup the "authentication data" security buffer */ input_token.value = message; diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c index 2e6368871..c652fd736 100644 --- a/lib/vauth/krb5_sspi.c +++ b/lib/vauth/krb5_sspi.c @@ -344,8 +344,8 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, /* Allocate our message */ messagelen = 4; - if(authzid && *authzid) - messagelen += strlen(authzid) + 1; + if(authzid) + messagelen += strlen(authzid); message = malloc(messagelen); if(!message) { free(trailer); @@ -360,13 +360,10 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, message[2] = (max_size >> 8) & 0xFF; message[3] = max_size & 0xFF; - /* If given, append the authorization identity including the 0x00 based - terminator. Note: Despite RFC4752 Section 3.1 stating "The authorization - identity is not terminated with the zero-valued (%x00) octet." it seems - necessary to include it. */ + /* If given, append the authorization identity. */ if(authzid && *authzid) - strcpy((char *) message + 4, authzid); + memcpy(message + 4, authzid, messagelen - 4); /* Allocate the padding */ padding = malloc(sizes.cbBlockSize); |