Re: Patch to allow GSSAPI authentication to a socks5 server
Date: Sat, 24 Jan 2009 21:13:50 -0000
"Daniel Stenberg" <daniel_at_haxx.se> wrote in message
> On Tue, 13 Jan 2009, Markus Moeller wrote:
>> I think I fixed the points above.
> Ok, I edited in a few further changes I think it needed:
> - Applied and synced with current CVS.
> - I removed all uses of sprintf() and included the correct header for our
> internal printf stuff. I think a few places could use aprintf() instead
> malloc() and memcpy()s etc, but...
> - I also unified a few things between the two implementations, since I
> think a lot of code needs to bother about the diffs. Thus they both
> the same function name now.
> - I modded some code to put the string
> data->set.str[STRING_SOCKS5_GSSAPI_SERVICE] into a local variable as
> repeated accesses to that long name makes the code awkward to read!
> (Please verify that everything still works!)
> But most importantly what is still left to fix:
> * I added checks for the malloc() calls I could find with returns on
> These are not really fine since they will leak memory in case of
> Adding proper ways to bail out may require use of a few more functions
I am not sure if I understand where are you getting at. All allocated
memory will be freed before returning on failure (mostly via gss_.. calls) .
> * I'm not friends with large stack uses and 64K matches that description
> I would like that memory to get allocated. Then the pointer to the
> is passed on to the sub function with a pointer only - without a
> and the Curl_SOCKS5_gssapi_negotiate() implementations just assume
> sufficient length. That's asking a little too much for trouble in the
> future. I would like to see a length argument being passed in to the
> function as well, and the function of course make really sure that it
> writes beyond that boundary.
I removed that part and use a small local array and when required allocate
the needed memory.
> Would you rather like me to commit the work we have right now and you can
> further patches on that, or do you rather polish the complete patch like
I created a diff against 7.19.3.
> / daniel.haxx.se
- application/octet-stream attachment: curl-7.19.3-socks5-gssapi.patch