cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH 1/2] ntlm_wb: Fix hard-coded limit on NTLM auth packet size

From: Michael Osipov <>
Date: Fri, 11 Jul 2014 23:18:58 +0200

Am 2014-07-11 23:05, schrieb Steve Holme:
> On Fri, 11 Jul 2014, Steve Holme wrote:
>> 200 bytes is not enough; I currently see 516 bytes for an NTLMv2
>> session auth with target_info included. I can't bring myself just to
>> take the easy option and increase the buffer size. Instead, make it
>> reallocate as needed instead of having a hard limit.
> We currently use NTLM_BUFSIZE (as defined in curl_ntlm_msg.h) for the native
> implementation - I'm not necessarily saying this is good practise but at
> least it would be consistent and nice and quick (both in terms of a fix and
> in performance) ;-)
> I have quickly reviewed your patch and there are a few lines that don't
> follow the curl coding standards - which I can fix up before I push.
> However, I would be interested to hear other user's views on a hardcoded
> buffer size versus having to read the input and reallocate the buffer if it
> isn't long enough first.

If a static size is enough for most cases, this is fine but I do not
think that it makes sense to use something like char *buf = char[SIZE]
and then realizing at runtime that this is not enough and then resort to
malloc along with a memset. I like David's approach: char *buf =
malloc(SIZE) and then realloc if needed. Yes -- a malloc requires a free
but that should not be a problem.


List admin:
Received on 2014-07-11