cURL / Mailing Lists / curl-library / Single Mail


RE: [PATCH 1/2 v2] ntlm_wb: Fix hard-coded limit on NTLM auth packet size

From: Steve Holme <>
Date: Sat, 12 Jul 2014 15:45:19 +0100

On Sat, 12 Jul 2014, David Woodhouse wrote:

> I'm not entirely averse to a fixed-size buffer which is "big enough".
> But it's good practice to be able to realloc and continue, and a single
> malloc/free of 1KiB instead of using the stack shouldn't hurt us.

I agree - my concerns are:

* A buffer size of 1024 may be enough so is there any point in having realloc code?
* If 1024 isn't sufficient then I think we should address not only the Winbind code but also our native implementation

I must admit I don't know what the maximum length of an NTLM packet (Type 1, 2 or 3 message) can be off the top of my head and a quick scan of Eric Glass' NTLM spec didn't help answer the question either :(

As we have a pending release this week I have pushed a very quick fix to use the NTLM_BUFSIZE constant instead of hardcoding it to 200.

Kind Regards


List admin:
Received on 2014-07-12