changeset 22312:01e814b7556b

Patch from eperez to plug a leak in the ntlm proxy authentication. Fixes #4702
author Daniel Atallah <daniel.atallah@gmail.com>
date Wed, 20 Feb 2008 03:04:47 +0000
parents c1e754d1d884
children 42724bd41274
files libpurple/proxy.c
diffstat 1 files changed, 9 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/proxy.c	Tue Feb 19 19:30:19 2008 +0000
+++ b/libpurple/proxy.c	Wed Feb 20 03:04:47 2008 +0000
@@ -737,6 +737,7 @@
 				proxy_do_write(connect_data, connect_data->fd, cond);
 				return;
 			} else if((ntlm = g_strrstr((const char *)connect_data->read_buffer, "Proxy-Authenticate: NTLM"))) { /* Empty message */
+				gchar *ntlm_type1;
 				gchar request[2048];
 				gchar *domain = (gchar*) purple_proxy_info_get_username(connect_data->gpi);
 				gchar *username = NULL;
@@ -759,11 +760,13 @@
 						connect_data->host, connect_data->port);
 
 				g_return_if_fail(request_len < sizeof(request));
+				ntlm_type1 = purple_ntlm_gen_type1(hostname, domain);
 				request_len += g_snprintf(request + request_len,
 					sizeof(request) - request_len,
 					"Proxy-Authorization: NTLM %s\r\n"
 					"Proxy-Connection: Keep-Alive\r\n\r\n",
-					purple_ntlm_gen_type1(hostname, domain));
+					ntlm_type1);
+				g_free(ntlm_type1);
 				*username = '\\';
 
 				purple_input_remove(connect_data->inpa);
@@ -847,7 +850,7 @@
 
 	if (purple_proxy_info_get_username(connect_data->gpi) != NULL)
 	{
-		char *t1, *t2;
+		char *t1, *t2, *ntlm_type1;
 		char hostname[256];
 
 		ret = gethostname(hostname, sizeof(hostname));
@@ -864,11 +867,14 @@
 		t2 = purple_base64_encode((const guchar *)t1, strlen(t1));
 		g_free(t1);
 
+		ntlm_type1 = purple_ntlm_gen_type1(hostname, "");
+
 		g_string_append_printf(request,
 			"Proxy-Authorization: Basic %s\r\n"
 			"Proxy-Authorization: NTLM %s\r\n"
 			"Proxy-Connection: Keep-Alive\r\n",
-			t2, purple_ntlm_gen_type1(hostname, ""));
+			t2, ntlm_type1);
+		g_free(ntlm_type1);
 		g_free(t2);
 	}