Always regenerate req->priv->req_header.

2001-08-24  Alex Graveley  <alex@ximian.com>

	* src/soup-core/soup-queue.c (soup_queue_connect_cb): Always
	regenerate req->priv->req_header.

	* src/soup-core/soup-ntlm.c (soup_ntlm_lanmanager_hash): pass 15
	byte buffer to work around array bounds read by setup_schedule.

	* src/soup-core/soup-message.c (authorize_handler): No need to
	free msg->priv->req_header as it is generated on each request now.
	(soup_message_set_request_header): Ditto.

	* src/soup-core/soup-auth.c (ntlm_auth): Only return
	auth->response one time. Subsequent calls return NULL.

	* src/soup-core/soup-queue.c (soup_encode_http_auth): Check for
	NULL auth response.

5 files changed, 76 insertions, 60 deletions

diff --git a/ChangeLog b/ChangeLog
index 299396cf..e9532547 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2001-08-24  Alex Graveley  <alex@ximian.com>
+
+	* src/soup-core/soup-queue.c (soup_queue_connect_cb): Always
+	regenerate req->priv->req_header.
+
+	* src/soup-core/soup-ntlm.c (soup_ntlm_lanmanager_hash): pass 15
+	byte buffer to work around array bounds read by setup_schedule.
+
+	* src/soup-core/soup-message.c (authorize_handler): No need to
+	free msg->priv->req_header as it is generated on each request now.
+	(soup_message_set_request_header): Ditto.
+
+	* src/soup-core/soup-auth.c (ntlm_auth): Only return
+	auth->response one time. Subsequent calls return NULL.
+
+	* src/soup-core/soup-queue.c (soup_encode_http_auth): Check for
+	NULL auth response.
+
 2001-08-23  Alex Graveley  <alex@ximian.com>
 
 	* src/soup-core/soup-auth.c (ntlm_new): Fix under-allocation.
diff --git a/libsoup/soup-auth.c b/libsoup/soup-auth.c
index b3050afc..13a1f6f9 100644
--- a/libsoup/soup-auth.c
+++ b/libsoup/soup-auth.c
@@ -480,7 +480,6 @@ soup_auth_new_digest (void)
 
 typedef struct {
 	SoupAuth  auth;
-	gchar    *request;
 	gchar    *response;
 } SoupAuthNTLM;
 
@@ -490,14 +489,43 @@ ntlm_compare_func (SoupAuth *a, SoupAuth *b)
 	return TRUE;
 } 
 
+/*
+ * SoupAuthNTLMs are one time use. Just return the response, and set our
+ * reference to NULL so future requests do not include this header.
+ */
 static gchar *
 ntlm_auth (SoupAuth *sa, SoupMessage *msg)
 {
 	SoupAuthNTLM *auth = (SoupAuthNTLM *) sa;
+	gchar *ret;
+
+	ret = auth->response;
+	auth->response = NULL;
 
-	return auth->response ? auth->response : auth->request;
+	return ret;
 }
 
+static inline gchar *
+ntlm_get_authmech_token (const SoupUri *uri, gchar *key)
+{
+	gchar *idx;
+	gint len;
+
+	if (!uri->authmech) return NULL;
+
+      	idx = strstr (uri->authmech, key);
+	if (idx) {
+		idx += strlen (key);
+
+		len = strcspn (idx, ",; ");
+		if (len)
+			return g_strndup (idx, len);
+		else
+			return g_strdup (idx);
+	}
+
+	return NULL;
+}
 
 /*
  * FIXME: Because NTLM is a two step process, we parse the host and domain out
@@ -510,39 +538,15 @@ ntlm_parse (SoupAuth *sa, const char *header)
 {
 	SoupAuthNTLM *auth = (SoupAuthNTLM *) sa;
 	const SoupUri *uri = soup_context_get_uri (auth->auth.context);
-	gchar *idx, *host = NULL, *domain = NULL;
+	gchar *host, *domain;
 
-	/*
-	idx = strchr (uri->host, '.');
-	if (idx)
-		host = g_strndup (uri->host, idx - uri->host);
-	else
-		host = g_strdup (uri->host);
-
-	if (uri->authmech) {
-		idx = strstr (uri->authmech, "domain=");
-		if (idx) {
-			gint len;
-
-			idx += sizeof ("domain=") - 1;
-
-			len = strcspn (idx, ",; ");
-			if (len)
-				domain = g_strndup (idx, len);
-			else
-				domain = g_strdup (idx);
-		}
-	}
-
-	soup_debug_print_uri (uri);
-	*/
-
-	host = "FAKEHOST";
-	domain = "FAKEDOMAIN";
+	host   = ntlm_get_authmech_token (uri, "host=");
+	domain = ntlm_get_authmech_token (uri, "domain=");
 
 	if (strlen (header) < sizeof ("NTLM"))
-		auth->request = soup_ntlm_request (host, 
-						   domain ? domain : "UNKNOWN");
+		auth->response = 
+			soup_ntlm_request (host ? host : "UNKNOWN", 
+					   domain ? domain : "UNKNOWN");
 	else {
 		gchar lm_hash [21], nt_hash [21];
 
@@ -554,14 +558,12 @@ ntlm_parse (SoupAuth *sa, const char *header)
 					    uri->user,
 					    (gchar *) &lm_hash,
 					    (gchar *) &nt_hash,
-					    host,
+					    host ? host : "UNKNOWN",
 					    domain ? domain : "UNKNOWN");
 	}
 
-	/*
 	g_free (host);
 	g_free (domain);
-	*/
 }
 
 static void
@@ -569,7 +571,6 @@ ntlm_free (SoupAuth *sa)
 {
 	SoupAuthNTLM *auth = (SoupAuthNTLM *) sa;
 
-	g_free (auth->request);
 	g_free (auth->response);
 	g_free (auth);
 }
@@ -589,6 +590,7 @@ ntlm_new (void)
 	return (SoupAuth *) auth;
 }
 
+
 /*
  * Generic Authentication Interface
  */
diff --git a/libsoup/soup-message.c b/libsoup/soup-message.c
index 3a14ab1b..ffbe2706 100644
--- a/libsoup/soup-message.c
+++ b/libsoup/soup-message.c
@@ -44,11 +44,6 @@ authorize_handler (SoupMessage *msg, gboolean proxy)
 
 	ctx->auth = auth;
 
-	if (msg->priv->req_header) {
-		g_string_free (msg->priv->req_header, TRUE);
-		msg->priv->req_header = NULL;
-	}
-
 	soup_message_queue (msg, msg->priv->callback, msg->priv->user_data);
 
         return SOUP_ERROR_NONE;
@@ -368,11 +363,6 @@ soup_message_set_request_header (SoupMessage *req,
 	g_return_if_fail (req != NULL);
 	g_return_if_fail (name != NULL || name [0] != '\0');
 
-	if (req->priv->req_header) {
-		g_string_free (req->priv->req_header, TRUE);
-		req->priv->req_header = NULL;
-	}
-
 	soup_message_set_header (&req->request_headers, name, value);
 }
 
diff --git a/libsoup/soup-ntlm.c b/libsoup/soup-ntlm.c
index 19797451..43a67dcc 100644
--- a/libsoup/soup-ntlm.c
+++ b/libsoup/soup-ntlm.c
@@ -65,14 +65,14 @@ static void calc_response         (const guchar        *key,
 void
 soup_ntlm_lanmanager_hash (const char *password, char hash[21])
 {
-	guchar lm_password [14];
+	guchar lm_password [15];
 	DES_KS ks;
 	int i;
 
 	for (i = 0; i < 14 && password [i]; i++)
 		lm_password [i] = toupper ((unsigned char) password [i]);
 
-	for (; i < 14; i++)
+	for (; i < 15; i++)
 		lm_password [i] = '\0';
 
 	memcpy (hash, LM_PASSWORD_MAGIC, 21);
diff --git a/libsoup/soup-queue.c b/libsoup/soup-queue.c
index 6d79fb84..f2279536 100644
--- a/libsoup/soup-queue.c
+++ b/libsoup/soup-queue.c
@@ -220,21 +220,23 @@ static void
 soup_encode_http_auth (SoupMessage *msg, GString *header, gboolean proxy_auth)
 {
 	SoupContext *ctx;
+	char *token;
 
 	ctx = proxy_auth ? soup_get_proxy () : msg->context;
 
 	if (ctx->auth) {
-		char *token;
-
 		token = soup_auth_authorize (ctx->auth, msg);
-
-		g_string_sprintfa (
-			header, 
-			"%s: %s\r\n",
-			proxy_auth ? "Proxy-Authorization" : "Authorization",
-			token);
-
-		g_free (token);
+		if (token) {
+			g_string_sprintfa (
+				header, 
+				"%s: %s\r\n",
+				proxy_auth ? 
+				        "Proxy-Authorization" : 
+				        "Authorization",
+				token);
+
+			g_free (token);
+		}
  	}
 }
 
@@ -433,8 +435,12 @@ soup_queue_connect_cb (SoupContext          *ctx,
 			return;
 		}
 
-		if (!req->priv->req_header)
-			req->priv->req_header = soup_get_request_header (req);
+		if (req->priv->req_header) {
+			g_string_free (req->priv->req_header, TRUE);
+			req->priv->req_header = NULL;
+		}
+
+		req->priv->req_header = soup_get_request_header (req);
 
 		channel = soup_connection_get_iochannel (conn);